
iptables enhancements

1. generate rules for all listen ports
2. add recipe to generate rules
1 parent 2a9bd27 commit 03200c7e05245c20e112e1405a5f27ceb08b4876 @tjoneseng tjoneseng committed Jul 6, 2012
Showing with 23 additions and 2 deletions.
  1. +20 −0 recipes/iptables.rb
  2. +3 −2 templates/default/port_apache.erb
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: apache2
+# Recipe:: iptables
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+iptables_rule "port_apache"
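Review bot: `iptables_rule` on the last added line is provided by a separate iptables cookbook, and this commit touches only the recipe and the template, so nothing visible here declares that dependency. If metadata.rb does not already carry `depends "iptables"`, add it; otherwise the recipe will presumably fail because the resource name cannot be resolved. A comment above the call would also help, for example `# Opens every port in node['apache']['listen_ports'] to any source; see templates/default/port_apache.erb`, because the generated rules have no source restriction and applying this recipe changes the host's network exposure.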
@@ -1,2 +1,3 @@
-# Port <%= @port %>
--A FWR -p tcp -m tcp --dport <%= @port %> -j ACCEPT
+<% node['apache']['listen_ports'].each do |port| -%>
+-A FWR -p tcp -m tcp --dport <%= port %> -j ACCEPT
+<% end %>
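Review bot: `port` is written into the rule on the second added line without any check, so a `listen_ports` entry that is not a bare port number (a typo, or an `address:port` string set in a role or environment) lands verbatim in the iptables rules file. Coercing it, `-A FWR -p tcp -m tcp --dport <%= Integer(port) %> -j ACCEPT`, makes the converge fail loudly instead of writing a malformed or unintended rule. The old `# Port` comment line was dropped; keeping `# Port <%= port %>` inside the loop would leave the generated file easier to audit. The closing `<% end %>` lacks the `-%>` used on the opening tag, which probably leaves a stray blank line in the output.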
