Commits on Feb 23, 2015
  1. Merge pull request #23 from irccloud/ubuntu-1404

    jvehent committed Feb 23, 2015
    Updated upstart-firewall.conf for Ubuntu 14.04
Commits on Apr 17, 2014
  1. Merge pull request #20 from irccloud/remove-template-timestamp

    jvehent committed Apr 17, 2014
    Remove the timestamp in rules.iptables
Commits on Apr 15, 2014
  1. Remove the timestamp in rules.iptables

    russss committed Apr 15, 2014
    The constantly-updated timestamp causes the resource to be updated on
    every Chef run. This causes a useless diff to be displayed in the
    chef-client output, and it also results in the iptables rules being
    re-loaded on every run.
Commits on Nov 20, 2013
  1. Merge pull request #18 from nickmeharry/dns-fix

    jvehent committed Nov 20, 2013
    Fix DNS lookup including extra IPs
Commits on Nov 19, 2013
Commits on Nov 7, 2013
  1. Merge pull request #17 from dave-shawley/master

    jvehent committed Nov 7, 2013
    recipes/default.rb: Initialize afw/rules attribute.
Commits on Aug 5, 2013
  1. recipes/default.rb: Initialize afw/rules attribute.

    dave-shawley committed Aug 5, 2013
    `default['afw']['rules']` is not necessarily initialized before it is
    referenced in the default recipe.  This seems to only occur when running
    in chef solo.
    
    Stacktrace:
    
        Generated at Mon Aug 05 12:51:54 +0000 2013
        NoMethodError: undefined method `each' for nil:NilClass
        /tmp/vagrant-chef-1/chef-solo-1/cookbooks/afw/recipes/default.rb:39:in `from_file'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/cookbook_version.rb:558:in `load_recipe'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/mixin/language_include_recipe.rb:46:in `load_recipe'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/mixin/language_include_recipe.rb:33:in `include_recipe'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/mixin/language_include_recipe.rb:27:in `each'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/mixin/language_include_recipe.rb:27:in `include_recipe'
        /tmp/vagrant-chef-1/chef-solo-1/cookbooks/locust/recipes/default.rb:14:in `from_file'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/cookbook_version.rb:558:in `load_recipe'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/mixin/language_include_recipe.rb:46:in `load_recipe'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/mixin/language_include_recipe.rb:33:in `include_recipe'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/mixin/language_include_recipe.rb:27:in `each'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/mixin/language_include_recipe.rb:27:in `include_recipe'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/run_context.rb:79:in `load'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/run_context.rb:75:in `each'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/run_context.rb:75:in `load'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/client.rb:198:in `setup_run_context'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/client.rb:418:in `do_run'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/client.rb:176:in `run'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/application/solo.rb:230:in `run_application'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/application/solo.rb:218:in `loop'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/application/solo.rb:218:in `run_application'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/../lib/chef/application.rb:70:in `run'
        /opt/vagrant_ruby/lib/ruby/gems/1.8/gems/chef-10.14.2/bin/chef-solo:25
        /opt/vagrant_ruby/bin/chef-solo:19:in `load'
        /opt/vagrant_ruby/bin/chef-solo:19
Commits on Jul 10, 2013
  1. Merge pull request #15 from michaeljsmalley/master-fixdomain

    jvehent committed Jul 10, 2013
    Fixed domain
  2. Fixed domain

    Mike Smalley committed Jul 10, 2013
Commits on Jun 20, 2013
  1. Merge pull request #14 from djt5019/handle-integer-port-numbers

    jvehent committed Jun 20, 2013
    libraries.core: Convert the port number to a string
Commits on Jun 17, 2013
  1. libraries.core: Convert the port number to a string

    Dan Tracy committed Jun 17, 2013
    Previously, when checking the port number against the regex, we
    assumed that the port would always be a string.  When an integer
    was passed to the check_port function it would blow up and fail
    the chef-client run.
    
    This change will convert the value passed to a string and then
    attempt to run the regex against the value.
    
    The offending value was passed like:
    
    ```ruby
    AFW.create_rule(node, 'Some rule', {
      'protocol' => 'tcp',
      'direction' => 'out',
      'user' => 'some_chump',
      'destination' => '127.0.0.1',
      'dport' => 8080
    })
    ```
Commits on May 24, 2013
  1. Merge pull request #13 from Technicolor-Portico/master

    jvehent committed May 24, 2013
    Preventing auto cleanup of the rules
Commits on May 23, 2013
  1. Added node['afw']['disable_cleanup'] attribute support to prevent automatic rule cleanup on the chef server.

    radekg committed May 23, 2013
Commits on Apr 10, 2013
  1. Remove unused recipe

    Julien Vehent committed Apr 10, 2013
  2. Release v0.0.7

    Julien Vehent committed Apr 10, 2013
  3. Foodcritic fixes

    Julien Vehent committed Apr 10, 2013
  4. Merge pull request #9 from dim/master

    jvehent committed Apr 10, 2013
    Chef 11 compatibility
  5. Merge pull request #7 from elliotkendallUCSF/master

    jvehent committed Apr 10, 2013
    Support fetching dnsruby via OS package (or not at all), sanity check nil interfaces
Commits on Mar 16, 2013
  1. Correctly merge rules into a

    dim committed Mar 16, 2013
Commits on Feb 14, 2013
Commits on Feb 12, 2013
  1. Bump to v0.0.6

    Julien Vehent committed Feb 12, 2013
  2. set default use_rule_comments = true

    RJ committed Feb 12, 2013
  3. Merge branch '0.0.6'

    Julien Vehent committed Feb 12, 2013
    Signed-off-by: Julien Vehent <julienv@aweber.com>
  4. README cleanup

    Julien Vehent committed Feb 12, 2013
  5. Resolve FQDNs in the recipe

    Julien Vehent committed Feb 12, 2013
    I've had issues where performing the DNS resolution when loading the rules
    was slow. Plus, some DNS records will return multiple IP addresses, and we
    want to add all of them to the firewall (not just one of them).
    For these reasons, AFW will perform a full DNS resolution in the recipe, and
    the ruleset will only contain IP addresses.
  6. Fix init script

    Julien Vehent committed Feb 12, 2013
  7. Remove per user DROP, use global DROP instead

    Julien Vehent committed Feb 12, 2013
    Packets that do not find a matching rule will reach the end of the ruleset,
    and get dropped by the global DROP rule.
Commits on Feb 11, 2013
  1. Add :use_rule_comments option

    RJ committed Feb 11, 2013
    If set, iptables commands have -m comment --comment "Rule Name Here"
    added, resulting in iptables -L output like this:
    
    ACCEPT tcp -- 10.1.2.3 anywhere tcp dpt:http ctstate NEW /* Allow all HTTP */
Commits on Dec 21, 2012
  1. Bump to version 0.0.5

    Julien Vehent committed Dec 21, 2012
  2. Typo/Indent fixes

    Julien Vehent committed Dec 21, 2012