Add a basic firewall with ufw.

[berkes]

Ubuntu comes with ufw, a friendlier wrapper around iptables. ufw is not too hard to manage through chef.

It would be good to set up boxen with a basic firewall.

Probably others have better ideas, but here is my basic set-up:

• Allow SSH from anywhere
• Allow HTTP from anywhere
• Allow HTTPS from anywhere
• Everything else is closed down

Alternatively, we could add a [firewall][ssh-whitelist] attribute, containing a list of IP-addresses that have access to SSH: that way you can close down SSH for the world except your own ip-addresses.

[jvanbaarsen]

@berkes Thanks for your input. I think its a good idea, and we will definitely look into this a bit further. If you have ideas how to solve this, please submit a pull request for this.