ANNOUNCE: Shorewall cookbook


#1

Howdy, all –

At the recent training/meetup in Austin, it came up that there’s been some
discussion on the need for firewall management. In that light, Tippr is
releasing the cookbook we use for Shorewall-based iptables configuration.
Our repository is available at
https://github.com/Tippr/tippr-public-cookbooks/tree/master/shorewall.
Patches, feedback, and the like would be appreciated; there’s some extremely
low-hanging fruit (such as support for operating systems other than CentOS)
available to be plucked. That said, we’ve been using this cookbook in
production for some time, and it works well for us.

The README should give a taste of the capabilities – we provide helpers
which use search to identify systems which should be placed in zones or to
which specific firewall rules should apply. That said, it should be possible
to use this cookbook in a chef-solo environment by avoiding search-related
functionality (some of the defaults, particularly the definition of the
lan zone, may need to be overridden for this purpose).

Thanks, and enjoy!


#2

BTW - this is awesome!

-Jesse

On Apr 3, 2011, at 5:02 PM, Charles Duffy wrote:

Howdy, all –

At the recent training/meetup in Austin, it came up that there’s been some discussion on the need for firewall management. In that light, Tippr is releasing the cookbook we use for Shorewall-based iptables configuration. Our repository is available at https://github.com/Tippr/tippr-public-cookbooks/tree/master/shorewall. Patches, feedback, and the like would be appreciated; there’s some extremely low-hanging fruit (such as support for operating systems other than CentOS) available to be plucked. That said, we’ve been using this cookbook in production for some time, and it works well for us.

The README should give a taste of the capabilities – we provide helpers which use search to identify systems which should be placed in zones or to which specific firewall rules should apply. That said, it should be possible to use this cookbook in a chef-solo environment by avoiding search-related functionality (some of the defaults, particularly the definition of the lan zone, may need to be overridden for this purpose).

Thanks, and enjoy!


#3

Thanks! Tippr has signed a CCLA, and we’d love to see this code in wider
use, up to and including adoption into opscode-cookbooks.

On Tue, Apr 5, 2011 at 1:18 PM, Jesse Robbins jesse@opscode.com wrote:

BTW - this is awesome!

-Jesse

On Apr 3, 2011, at 5:02 PM, Charles Duffy wrote:

Howdy, all –

At the recent training/meetup in Austin, it came up that there’s been some
discussion on the need for firewall management. In that light, Tippr is
releasing the cookbook we use for Shorewall-based iptables configuration.
Our repository is available at
https://github.com/Tippr/tippr-public-cookbooks/tree/master/shorewall.
Patches, feedback, and the like would be appreciated; there’s some extremely
low-hanging fruit (such as support for operating systems other than CentOS)
available to be plucked. That said, we’ve been using this cookbook in
production for some time, and it works well for us.

The README should give a taste of the capabilities – we provide helpers
which use search to identify systems which should be placed in zones or to
which specific firewall rules should apply. That said, it should be possible
to use this cookbook in a chef-solo environment by avoiding search-related
functionality (some of the defaults, particularly the definition of the
lan zone, may need to be overridden for this purpose).

Thanks, and enjoy!


#4

On Tue, Apr 5, 2011 at 12:39 PM, Charles Duffy charles@dyfis.net wrote:

Thanks! Tippr has signed a CCLA, and we’d love to see this code in wider
use, up to and including adoption into opscode-cookbooks.

It’d be great if you share it on community.opscode.com! Thanks guys!

Bryan