Open bdwyertech opened 7 years ago
martinb3
commented
7 years ago Hi there -- this looks like these are getting created by the Chef file resource. I would have expected these get written to /var/chef/backup, but not to the local directory. We'll have to test this, and perhaps expose an option, to turn it off.
bdwyertech
commented
7 years ago It looks like these are actually created by running ufw reset
root@firewalltest:/etc/ufw# ufw reset
Resetting all rules to installed defaults. This may disrupt existing ssh
connections. Proceed with operation (y|n)? y
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20170911_082950'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20170911_082950'
Backing up 'after.rules' to '/etc/ufw/after.rules.20170911_082950'
Backing up 'user.rules' to '/etc/ufw/user.rules.20170911_082950'
Backing up 'before.rules' to '/etc/ufw/before.rules.20170911_082950'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20170911_082950'Ah, okay. Seeing the filenames, that makes more sense! We can get a fix in for this.
Cookbook version
2.6.2 (any version though really)
Chef-client version
12.19.36
Platform Details
Ubuntu 16.04
Scenario:
Everything works, it simply creates a lot of backed up rules. In my environment, I create individual firewall rules between servers in a private network. As servers come and go (dynamic cloud environment), eventually you are left with a massive number of backed up rulesets.
Steps to Reproduce:
Change your rules a few times and watch these build up in
/etc/ufw/Suggested Solution:
In my wrapper cookbook, I put something in like the below -- it is the best thing I could come up with. Maybe its better left in a wrapper, but I figured I'd at least put it out there as many may not realize it is happening.