Iptables & firewall cookbooks status

Chef Infra (archive)
1

Hello!

I want to use Chef to configure firewall rules on CentOS 6.5

I found the iptables https://github.com/opscode-cookbooks/iptables
cookbook but it states that it may be deprecated in favor of the firewall
https://github.com/opscode-cookbooks/firewall cookbook. However, there is
recent work still being done on the iptables cookbook. The firewall
cookbook uses ufw and thus only supports Debian & Ubuntu.

One of the tickets the iptables cookbook references is COOK-688
https://tickets.opscode.com/browse/COOK-688 but there has been no
activity for 3 years.

What should I be using to manage firewall rules with chef on CentOS?

Thanks!
Greg

2

So I did a bit of work on the iptables cookbook recently. I don't think there are plans at this point to replace the iptables cookbook with the firewall cookbook.

-- cwebber

On Sep 12, 2014, at 17:52, Greg Barker fletch@fletchowns.net wrote:

Hello!

I want to use Chef to configure firewall rules on CentOS 6.5

I found the iptables cookbook but it states that it may be deprecated in favor of the firewall cookbook. However, there is recent work still being done on the iptables cookbook. The firewall cookbook uses ufw and thus only supports Debian & Ubuntu.

One of the tickets the iptables cookbook references is COOK-688 but there has been no activity for 3 years.

What should I be using to manage firewall rules with chef on CentOS?

Thanks!
Greg

3

There is also the simple_iptables cookbook which in spite of the name allows for fairly complex rulesets, and is under active development and usage.

cheers
mike


Michael Hart
Arctic Wolf Networks
M: 226-388-4773

On Sep 12, 2014, at 21:15, Christopher Webber <cwebber@getchef.commailto:cwebber@getchef.com> wrote:

So I did a bit of work on the iptables cookbook recently. I don’t think there are plans at this point to replace the iptables cookbook with the firewall cookbook.

– cwebber

On Sep 12, 2014, at 17:52, Greg Barker <fletch@fletchowns.netmailto:fletch@fletchowns.net> wrote:

Hello!

I want to use Chef to configure firewall rules on CentOS 6.5

I found the iptableshttps://github.com/opscode-cookbooks/iptables cookbook but it states that it may be deprecated in favor of the firewallhttps://github.com/opscode-cookbooks/firewall cookbook. However, there is recent work still being done on the iptables cookbook. The firewall cookbook uses ufw and thus only supports Debian & Ubuntu.

One of the tickets the iptables cookbook references is COOK-688https://tickets.opscode.com/browse/COOK-688 but there has been no activity for 3 years.

What should I be using to manage firewall rules with chef on CentOS?

Thanks!
Greg

4

Thanks for the additional info and suggestion of simple_iptables.

cwebber - If it's sticking around should the readme be updated then? I was
hesitant to start using something that had a deprecation warning in the
second sentence of the description.

On Mon, Sep 15, 2014 at 9:11 AM, Michael Hart michael.hart@arcticwolf.com
wrote:

There is also the simple_iptables cookbook which in spite of the name
allows for fairly complex rulesets, and is under active development and
usage.

GitHub - rtkwlf/cookbook-simple-iptables: Simple Chef iptables cookbook

cheers
mike

--
Michael Hart
Arctic Wolf Networks
M: 226-388-4773

On Sep 12, 2014, at 21:15, Christopher Webber cwebber@getchef.com
wrote:

So I did a bit of work on the iptables cookbook recently. I don't think
there are plans at this point to replace the iptables cookbook with the
firewall cookbook.

-- cwebber

On Sep 12, 2014, at 17:52, Greg Barker fletch@fletchowns.net wrote:

Hello!

I want to use Chef to configure firewall rules on CentOS 6.5

I found the iptables https://github.com/opscode-cookbooks/iptables
cookbook but it states that it may be deprecated in favor of the firewall
https://github.com/opscode-cookbooks/firewall cookbook. However, there
is recent work still being done on the iptables cookbook. The firewall
cookbook uses ufw and thus only supports Debian & Ubuntu.

One of the tickets the iptables cookbook references is COOK-688
https://tickets.opscode.com/browse/COOK-688 but there has been no
activity for 3 years.

What should I be using to manage firewall rules with chef on CentOS?

Thanks!
Greg

5

Michael,

Yeah, I should update that README. Thanks for pointing it out. I will try and get to that this week.

— cwebber

On Sep 15, 2014, at 1:25 PM, Greg Barker fletch@fletchowns.net wrote:

Thanks for the additional info and suggestion of simple_iptables.

cwebber - If it's sticking around should the readme be updated then? I was hesitant to start using something that had a deprecation warning in the second sentence of the description.

On Mon, Sep 15, 2014 at 9:11 AM, Michael Hart michael.hart@arcticwolf.com wrote:
There is also the simple_iptables cookbook which in spite of the name allows for fairly complex rulesets, and is under active development and usage.

GitHub - rtkwlf/cookbook-simple-iptables: Simple Chef iptables cookbook

cheers
mike

--
Michael Hart
Arctic Wolf Networks
M: 226-388-4773

On Sep 12, 2014, at 21:15, Christopher Webber cwebber@getchef.com wrote:

So I did a bit of work on the iptables cookbook recently. I don't think there are plans at this point to replace the iptables cookbook with the firewall cookbook.

-- cwebber

On Sep 12, 2014, at 17:52, Greg Barker fletch@fletchowns.net wrote:

Hello!

I want to use Chef to configure firewall rules on CentOS 6.5

I found the iptables cookbook but it states that it may be deprecated in favor of the firewall cookbook. However, there is recent work still being done on the iptables cookbook. The firewall cookbook uses ufw and thus only supports Debian & Ubuntu.

One of the tickets the iptables cookbook references is COOK-688 but there has been no activity for 3 years.

What should I be using to manage firewall rules with chef on CentOS?

Thanks!
Greg