Closed Joseph-R closed 9 years ago
This is actually pretty simple.
As stated in the Docs, the rule
attribute of the iptables_ng_rule
provider also accepts an Array.
You can use map
to create the desired result:
iptables_ng_rule 'add_ips' do
chain 'FWR'
rule ips.map { |ip| "-s #{ip} -j ACCEPT" }
# As the source specified above is ipv4, this rule cannot be applied to ip6tables.
# Therefore, setting ip_version to 4
ip_version 4
end
I should probably add this to the README for future reference. Does this solves your problem?
Also note, that having whitespace in the name is a bad idea, as it translates into the filename. A future version might automatically escape whitespaces to underscores, but currently that's not the case.
I added this example to the README.
Another note: If you use the --source
parameter with ipv4 addresses, you will most likely have to restrict this ruleset to ipv4 only. You can do so using the ip_version 4
attribute.
I updated the example to reflect that.
Great, thanks Chris! Really appreciate your responsiveness on this.
iptables_ng_rule 'add_ips' do
chain 'FWR'
rule ips.map { |ip| "-s #{ip} -j ACCEPT" }
ip_version 4
end
This worked great for us, and removing the whitespace from rule names was also a good idea.
Thanks again for your input! I appreciate you updating your docs as well.
Hey Chris,
I'm looking for the best way to create rules for an array or hash of IPs stored in an attribute. So far, it looks like any attempt to loop through this simply overwrites down to the last entry in the array, which is then written to iptables. Example:
From attributes.rb:
From default.rb:
The above code yields one entry for the chain FWR, with the following output:
And adds one rule to /etc/sysconfig/iptables (on CentOS 6), that looks like this:
Is there a way around this? Or a better way to structure a list of IPs so that I can add in bulk?
I appreciate any feedback.