search

chef-cookbooks / iptables

Development repository for Chef Cookbook iptables
https://supermarket.chef.io/cookbooks/iptables
Apache License 2.0
102 stars 141 forks source link

Allow users to specify iptables rules by attributes, instead of template #25

Closed dennyzhang closed 8 years ago

dennyzhang commented 9 years ago

Here is current way to specify iptables rules

Quoted from https://supermarket.chef.io/cookbooks/iptables To enable port 80, e.g. in an httpd cookbook, create the following template:

Port 80 for http

-A FWR -p tcp -m tcp --dport 80 -j ACCEPT This would go in the cookbook, httpd/templates/default/http.erb. Then to use it in recipe[httpd]:

iptables_rule "http"

As a customer, I've plenty of iptables rules to generate. It's really painful to generate a dedicated template file for each rule.

To dynamically do that, specify iptables rules by attributes/varilable is better.

akemner commented 9 years ago

+1

ivanovteo commented 9 years ago

+1

iennae commented 8 years ago

@DennyZhang There is now a provider that you can use instead of the template. https://github.com/chef-cookbooks/iptables/blob/master/test/fixtures/cookbooks/iptables_test/recipes/no_template.rb is an example of this. Please check this out to see if it works for you. Attribute driven rules will be too bulky. Let us know if this is not sufficient. Thanks!

lamont-granquist commented 8 years ago

closing via #51