Open bdwyertech opened 7 years ago
Hi there -- this looks like these are getting created by the Chef file resource. I would have expected these to get written to /var/chef/backup, but not to the local directory. We'll have to test this, and perhaps expose an option to turn it off.
It looks like these are actually created by running ufw reset
root@firewalltest:/etc/ufw# ufw reset
Resetting all rules to installed defaults. This may disrupt existing ssh
connections. Proceed with operation (y|n)? y
Backing up 'user6.rules' to '/etc/ufw/user6.rules.20170911_082950'
Backing up 'after6.rules' to '/etc/ufw/after6.rules.20170911_082950'
Backing up 'after.rules' to '/etc/ufw/after.rules.20170911_082950'
Backing up 'user.rules' to '/etc/ufw/user.rules.20170911_082950'
Backing up 'before.rules' to '/etc/ufw/before.rules.20170911_082950'
Backing up 'before6.rules' to '/etc/ufw/before6.rules.20170911_082950'
Ah, okay. Seeing the filenames, that makes more sense! We can get a fix in for this.
Cookbook version
2.6.2 (any version though really)
Chef-client version
12.19.36
Platform Details
Ubuntu 16.04
Scenario:
Everything works, it simply creates a lot of backed up rules. In my environment, I create individual firewall rules between servers in a private network. As servers come and go (dynamic cloud environment), eventually you are left with a massive number of backed up rulesets.
Steps to Reproduce:
Change your rules a few times and watch these build up in /etc/ufw/
Suggested Solution:
In my wrapper cookbook, I put something in like the below -- it is the best thing I could come up with. Maybe it's better left in a wrapper, but I figured I'd at least put it out there as many may not realize it is happening.
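
The wrapper-cookbook snippet referred to above is not present on this page. As an added example (not the poster's code and not part of the firewall cookbook), the shell functions below prune the timestamped backups that `ufw reset` leaves in /etc/ufw, keeping the newest N sets. They assume the `<file>.rules.YYYYMMDD_HHMMSS` naming shown in the `ufw reset` output; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prune the timestamped backups that `ufw reset` leaves behind.
# Assumption: backups are named <file>.rules.YYYYMMDD_HHMMSS, as in the
# `ufw reset` output on this page. Function names are hypothetical.

# list_ufw_backups DIR: print every reset backup in DIR, one path per line.
list_ufw_backups() {
    find "$1" -maxdepth 1 -type f -name '*.rules.*' 2>/dev/null |
        grep -E '\.rules\.[0-9]{8}_[0-9]{6}$' | sort
}

# prune_ufw_backups DIR KEEP [--delete]
# A "set" is every file sharing one timestamp (one `ufw reset` run).
# Keeps the newest KEEP sets and prints the paths of older ones. Nothing is
# removed unless --delete is given, so the default is a dry run.
prune_ufw_backups() {
    dir=$1 keep=$2 mode=${3:-}
    case $keep in
        ''|*[!0-9]*) echo "KEEP must be a non-negative integer" >&2; return 2 ;;
    esac
    # The timestamp format sorts lexically, so reverse sort = newest first.
    list_ufw_backups "$dir" |
        sed -E 's/.*\.rules\.([0-9]{8}_[0-9]{6})$/\1/' | sort -ru |
        tail -n +"$((keep + 1))" |
        while IFS= read -r stamp; do
            for f in "$dir"/*.rules."$stamp"; do
                [ -f "$f" ] || continue
                if [ "$mode" = "--delete" ]; then rm -f -- "$f"; fi
                printf '%s\n' "$f"
            done
        done
}

# Run directly, e.g.: sh prune.sh /etc/ufw 3 --delete
if [ "$#" -ge 2 ]; then prune_ufw_backups "$@"; fi
```

Run it without `--delete` first to review the list; the live `*.rules` files and anything not matching the timestamp pattern are never touched.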