Secure By Default - Githubissues

chef-cookbooks / iptables

Development repository for Chef Cookbook iptables

https://supermarket.chef.io/cookbooks/iptables

Apache License 2.0

102 stars 141 forks source link

Secure By Default #14

Closed cwebberOps closed 10 years ago

cwebberOps commented 10 years ago

This closes #11

The updates in this PR do a few things

Adds a basic test-kitchen setup
- This includes testing all supported OS's as listed in metadata.rb
- Uses the cloud config that is standard for Chef managed cookbooks
Adds integration/post-converge tests
Adds default rules to restrict inbound traffic

andytson commented 10 years ago

I don't think this will work well. I can't see how it might order the prefix and postfix correctly, as iptables needs to have rules ordered, and rebuild-iptables will order them via directory listing order, where prefix comes after all_*, and postfix comes before any rule starting with q-z.

andytson commented 10 years ago

Ignore that, I see the rebuild-iptables script does take those filenames and reorders the listing. Perhaps the tests though should verify that?

cwebberOps commented 10 years ago

@andytson I was thinking that as well this morning. I am going to create an issue to follow up on that. Thanks for all your input on this issue.