chr4-cookbooks / iptables-ng

Cookbook to maintain iptables rules and policies on different platforms, respecting the way the OS handles these settings.
GNU General Public License v3.0

install correct packages for EL >= 7 #32

Closed nathwill closed 9 years ago

nathwill commented 9 years ago

this seems to do the trick for us; passed the iptables-ng integration tests, and passed our wrapper cookbooks' integration tests for rendering our specific rule-set on centos 7.

there's also an iptables-utils package on EL 7, which currently only provides nfnl_osf with the pf.os database (OS fingerprinting database). I left it off for now, but say the word if you'd like that added as part of this PR.

testing result details below:

[nathwill@wyrd iptables-ng]$ rubocop
Inspecting 48 files
................................................

48 files inspected, no offenses detected
[nathwill@wyrd iptables-ng]$ foodcritic -f any .

[nathwill@wyrd iptables-ng]$ kitchen list 70
Instance                                 Driver   Provisioner  Last Action
lwrp-chain-create-default-centos-70      Vagrant  ChefZero     Verified
lwrp-chain-create-custom-centos-70       Vagrant  ChefZero     Verified
lwrp-chain-create-if-missing-centos-70   Vagrant  ChefZero     Verified
lwrp-chain-create-empty-centos-70        Vagrant  ChefZero     Verified
lwrp-rule-create-default-centos-70       Vagrant  ChefZero     Verified
lwrp-rule-create-custom-centos-70        Vagrant  ChefZero     Verified
lwrp-rule-create-custom-chain-centos-70  Vagrant  ChefZero     Verified
lwrp-rule-create-if-missing-centos-70    Vagrant  ChefZero     Verified
lwrp-rule-delete-centos-70               Vagrant  ChefZero     Verified
lwrp-rule-check-order-centos-70          Vagrant  ChefZero     Verified
recipe-default-centos-70                 Vagrant  ChefZero     Verified
recipe-install-centos-70                 Vagrant  ChefZero     Verified
attribute-enabled-tables-centos-70       Vagrant  ChefZero     Verified

chr4 commented 9 years ago

Thank you so much for figuring this out! PR looks good to me. The smallest request: Could you remove the padding spaces in %w(), so they match with the other Array declaration? I should've created a linting rule for it. Will happily merge! I'd leave iptables-utils out of the default installation for now, as it is probably not required for most setups and it can easily be installed in the wrapper cookbook if required.

nathwill commented 9 years ago

@chr4 you bet! more than happy to help sort this out, as this cookbook's been a major lifesaver for us :)

chr4 commented 9 years ago

Released in v2.2.1