Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add node['firewall']['configuration'] for adjusting /etc/default/ufw #14

Closed
wants to merge 3 commits into from
Closed

Add node['firewall']['configuration'] for adjusting /etc/default/ufw #14

wants to merge 3 commits into from

Conversation

rchekaluk
Copy link

Supports a new attribute node['firewall']['configuration'] as a hash containing arbitrary ufw settings to be assigned in /etc/default/ufw. The recipe is idempotent and will add new settings to /etc/default/ufw, but edit settings if they exist already.

Example usage for using ufw with Docker:

    firewall_rules = {
      :firewall => {
        :configuration => {
          'DEFAULT_FORWARD_POLICY' => 'ACCEPT',
        },
        :rules => [
          {"docker_remote_api" => { "port" => "2375" } },
        ]
      }
    }

smurawski
smurawski reviewed Jan 19, 2015
View reviewed changes
recipes/configure.rb
fi
EOH
notifies :restart, 'service[ufw]', :delayed
end
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is a bash resource (or any of the execute resources really), you need to make sure either in your code block or in a guard that you are only modifying the file when it is needed. Especially in this case, where you are notifying a service to restart after the edits. If chef-client is run on a schedule that would continually edit the firewall file and restart the service.

@rchekaluk
Copy link
Author

Done, guard added per feedback. Also includes additional strengthening of grep and sed match patterns, and a condition to prevent editing if key is blank.

@tas50 tas50 removed the Signed CLA label Jan 5, 2017
pwalz pushed a commit to cla-rce/ufw that referenced this pull request Jun 27, 2017
@martinb3
Clean up ufw implementation
f15b20d 
- Merge from https://github.com/paulczar/firewall into ufw_defaults. Fixes sous-chefs#14.
- Clean up ufw implementation & ports syntax to be more obvious
@tas50
Copy link
Contributor

tas50 commented Jul 24, 2018

I'm going to close this out at this point since master has diverged to the point where it can no longer be merged. If you want to rebase the changes against master it would be great to have this change in this cookbook.

@tas50 tas50 closed this Jul 24, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@rchekaluk @tas50 @smurawski @chef-supermarket