Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/sous-chefs/firewall

Development repository for the firewall cookbook
https://github.com/sous-chefs/firewall

Add support for mobile shell firewall rules.

This adds support for the firewall rules required for using the [mobile
shell](https://mosh.mit....

61b71711deea58feaa6759bf4f242635f86ec28a authored almost 9 years ago by John Bellone <[email protected]>
Don't modify parameter for port

When passing in a port, our string-ifying helper function was modifying the variable if it happe...

8136c429fdabd9a8ee8594b3745106bd5b65eb15 authored almost 9 years ago by Martin Smith <[email protected]>
Fix some style rules that were failing the build.

3690636116e7756c1f12f82476ed1613d69d8ef4 authored almost 9 years ago by Martin Smith <[email protected]>
Fix errant example with command and action

Example should have had `command :allow`, as :allow is no longer an action.

77800f8f72ebf8ecef608f8f1e8bc5ff0123bbf8 authored almost 9 years ago by Martin Smith <[email protected]>
Rubocop fixes

51587739ad99c0b81b19197c32a692e6742c07f1 authored almost 9 years ago by Martin Smith <[email protected]>
Release v2.4.0

f33312d5d26b763b2ae7b6503fe632b2badd52a3 authored almost 9 years ago by Martin Smith <[email protected]>
Expose default table and chains for iptables

This is a backwards compatible new feature to override the default ruleset, or add additional ru...

af2c17c59241590001dc09333cf0f4444989ac6b authored almost 9 years ago by Martin Smith <[email protected]>
Remove 'type' variable, fix duplicate allow

Because of some legacy code that was fixed, we had two variables that represented the same value...

c155b7329a8b95be0360358bba8103024989f1b7 authored almost 9 years ago by Martin Smith <[email protected]>
ufw: Remove straggler 'raw' line

9635780856f6c021a89995b09fbc22e3cf4b2836 authored almost 9 years ago by Andrew Burns <[email protected]>
ufw: Add support for :raw

This adds support to the ufw provider so that it actually supports the
:raw command as currently...

3af3c26a60212dba66cb2709b4099ee8cd754714 authored almost 9 years ago by Andrew Burns <[email protected]>
Fix rubocop complaints

- Rubocop had some new complaints from the latest release. Fixing those.

a30b8430e1a3a4b2a771dcfcbd78a86e577b024d authored almost 9 years ago by Martin Smith <[email protected]>
Fix rubocop warnings

9f30d2fbc6889c449048193cd34f332d1db359be authored almost 9 years ago by Martin Smith <[email protected]>
Release v2.3.1

812b2b5b944e74676a945b18d3f1c163c6db078d authored almost 9 years ago by Martin Smith <[email protected]>
Allow raw rules on ufw

Ensure we support raw rules on ufw, add tests for it as well.

Fixes #113.

53f3fca0299a36641b9f1562761d42e3d080daca authored almost 9 years ago by Martin Smith <[email protected]>
Release v2.3.0

3536a3b36ba617977c9693acc7dbd31d57764af6 authored almost 9 years ago by Martin Smith <[email protected]>
Fix typo in action vs. command

We should be checking the iptables command, not the resource action here.

RE: #112

9080c913e0be04e74d1eb9c0baee45170b23d746 authored almost 9 years ago by Martin Smith <[email protected]>
Refactor firewall_rule providers

- Instead of accumulating the firewall rules as each `firewall_rule` resource's action fires, ac...

c6f5bf99a0ebe7f5595706bebda315b0e88f157e authored almost 9 years ago by Martin Smith <[email protected]>
Merge pull request #111 from schubergphilis/b-port-to-s

Fix the `port_to_s` function so it also works for Windows

eb0e6345dc53a4e3eac679b2ae4c1b810b96e48e authored about 9 years ago by Martin Smith <[email protected]>
Fix the `port_to_s` function so it also works for Windows

ec52c734fc4c07f095a98aa75537ee913a5dc47e authored about 9 years ago by Sander van Harmelen <[email protected]>
Add proper Windows support back in

Add proper Windows support & serverspec tests.

76d8017d267fd903c4945b2855019611fa1be761 authored about 9 years ago by Martin Smith <[email protected]>
Switch to positive logic (enabled vs. disabled)

Add a flag for 'enabled' to make it easier to understand the logic on the firewall resource. We'...

6b5ebc884d25b922382e2d5bead8e4ef20ef02c9 authored about 9 years ago by Martin Smith <[email protected]>
Cleanup from persistent rules

- Rename `persistent` to `permanent` to match the firewalld name, and scope the attribute under ...

d36337edff6655320022f156e137d045949cd818 authored about 9 years ago by Martin Smith <[email protected]>
Merge pull request #104 from jasonmcintosh/option_for_permanent

Added persistent option defaulted to true to allow --permament auto a…

eefad6ab12d8f60d63036ebb5b5d90d90abc64af authored about 9 years ago by Martin Smith <[email protected]>
Version bumped

0cebd39f7d778ce7b475b1a15a5e433664a726c6 authored about 9 years ago by jasonmcintosh <[email protected]>
Fixed formatting issues

ec93e9e81894ea6d0c2f25cd775845e6c8a463db authored about 9 years ago by jasonmcintosh <[email protected]>
Added persistent option defaulted to true to allow --permament auto added on all rules created

ebd36656ed19450f7cb1bee9551d9262026c05a9 authored about 9 years ago by jasonmcintosh <[email protected]>
Merge pull request #100 from strawhatboy/master

Fixed the issue creating a firewall rule for windows with 'program' set to 'any' is invalid

e3a65c0586f7a25b25ad6c617b824cd0d964a0f1 authored about 9 years ago by Martin Smith <[email protected]>
Merge pull request #99 from agperson/master

Add support for using iptables in RHEL 7

e408c1c40f9a82171d89572808d29ff8b1881581 authored about 9 years ago by Martin Smith <[email protected]>
replaced single line 'if' to '&&' flow

ee437c7cfe2a71cdc927526bb8a05a97fad892f3 authored about 9 years ago by strawhatboy <[email protected]>
Merge pull request #1 from strawhatboy/strawhatboy-patch-1

Fix 'Any' program for windows firewall

bf1cc84572ee73f0c98ee1965578aef624aaddd5 authored about 9 years ago by strawhatboy <[email protected]>
Fix 'Any' program for windows firewall

Windows adv firewall consider no 'program' parameter specified as the 'Any' option:

Usage: ad...

0ad591ef31af1532dfbcdda9a0d3f2d6dc5882cb authored about 9 years ago by strawhatboy <[email protected]>
Add support for using iptables in RHEL 7

e45fdb83542e97dc14c85461ff4135f7d0a9acfd authored about 9 years ago by Daniel Silverman <[email protected]>
Release v2.1.0

2211691b02f5a87a437dee70511da3990ef8c2be authored about 9 years ago by Martin Smith <[email protected]>
Open ICMP in ipv6, required

In ipv6, ICMP is required for all kinds of basic functionality. Unless someone has overriden `al...

4353695da89c6686354e8b0d554264b112f5f3bb authored about 9 years ago by Martin Smith <[email protected]>
Add basic converge chefspec

7278d0ed2ecc91d2932fc39dd2ab2bf4ddfccd9e authored about 9 years ago by Tim Smith <[email protected]>
Resolve rubocop warnings

b515582ffa33dcb23df10b437a5d3726e07dbd20 authored about 9 years ago by Tim Smith <[email protected]>
Fix rubocop, berkshelf breakage

- Rubocop doesn't like !!
- Berkshelf 3.x has compatibility issues with Faraday/Ridley atm.

21815668884b10fa310892344532a07bfe6dafa4 authored about 9 years ago by Martin Smith <[email protected]>
Exclude rules that aren't applicable

f1f0f2e136142eeff2135c87de41003ccfc9a657 authored about 9 years ago by Tim Smith <[email protected]>
Resolve a few rubocop warnings

6fb5096c2d0705d26cc8e5c2cdcc12fd4e4241c1 authored about 9 years ago by Tim Smith <[email protected]>
Update rubocop to standard file

53435d52b15231648bcbed29e4b198ede86566c0 authored about 9 years ago by Tim Smith <[email protected]>
Update chefignore

b145efc06d2bdfd39994b2fc6f2aff563b77441b authored about 9 years ago by Tim Smith <[email protected]>
Release v2.0.5

7715f54e163cbfdfa9bd2aa425b459524138b944 authored about 9 years ago by Martin Smith <[email protected]>
Ensure all provide blocks are mutually exclusive

Ensure all of the distros/versions and provides blocks yield exactly one provider, no more.

RE:...

682d523771890d308dffdf8a9d2c99d19f840173 authored about 9 years ago by Martin Smith <[email protected]>
Merge pull request #98 from glenjamin/never-firewalld-el6

Also ensure firewalld_rule is not attempted on el6

fbe3e8cc6c8d47508e14e7144689aee356438f0a authored about 9 years ago by Martin Smith <[email protected]>
Also ensure firewalld_rule is not attempted on el6

62b42f769c568e69057cfba4f9aa21fbecbcf7e8 authored about 9 years ago by Glen Mailer <[email protected]>
Merge pull request #97 from glenjamin/never-firewalld-el6

Ensure firewalld is not attempted on el6

d24f3c9c619cfc66772fdbfa50dc7bca9e9c4a98 authored about 9 years ago by Martin Smith <[email protected]>
Ensure firewalld is not attempted on el6

4e4ff5e1181d1457fddc7d407b0befec6914ac12 authored about 9 years ago by Glen Mailer <[email protected]>
Merge pull request #96 from glenjamin/patch-1

Update docs references to :enabled action

81b3781dfda0645c0fb55516ea3dfc0b16f2e916 authored about 9 years ago by Martin Smith <[email protected]>
Update docs references to :enabled action

a2bb94cc128c4d8ded51237755656687a156c386 authored about 9 years ago by Glen Mailer <[email protected]>
Release v2.0.4

2414fe1a20619ab5ec5fbb690876116b5557f519 authored about 9 years ago by Martin Smith <[email protected]>
Fix chefspec and foodcritic complaints

- Foodcritic wanted node['platform_version'] vs. :platform_version
- Add back require_relative o...

7820cf6f38ac30e409a8a81a71165a5aaf897b8b authored about 9 years ago by Martin Smith <[email protected]>
Override iptables filter chain policy, cleanup

- Allow override of default iptables' filter chain's default policy, fixes #94
- Fix test-kitche...

7a4026327691f4a67c7795c4ab660ff2d2d528ea authored about 9 years ago by Martin Smith <[email protected]>
Release v2.0.3

ee0f8977fd93095a880c380286b628996d6d8c04 authored over 9 years ago by Martin Smith <[email protected]>
Merge pull request #93 from crossroads/redirect_fix

Fixes #92 where firewall_rule misses '--to-ports'

1624d2169e28905cf8ba3666c90a3054a7c8c41a authored over 9 years ago by Martin Smith <[email protected]>
Ensure default hash regardless of ipv6

Be sure we initialize ipv6 and ipv4 hash keys regardless of using them or not.

Fixes #91.

0c42c217422244e46ca922c4b60a521803bc2adb authored over 9 years ago by Martin Smith <[email protected]>
Add attribute-friendly way to disable ipv6

Per #91, add an attribute for disabling ipv6, so folks don't have to resort to resource cloning ...

c3b6cd33637c4a8bd521cbf0c790ea46d1c07084 authored over 9 years ago by Martin Smith <[email protected]>
Fixes #92 where firewall_rule misses '--to-ports'

a3d43396bcae051e6afb5c39a783823a76955da0 authored over 9 years ago by Thomas Pike <[email protected]>
Update URL

66502e222027d192efd293039007d087991e8c83 authored over 9 years ago by Tim Smith <[email protected]>
Add back chef-sugar

8065c8a5d33e5c2021bc72cf23af92f4904ebafe authored over 9 years ago by Tim Smith <[email protected]>
Fix the extra line I introduced

d639184e20b283c025c82f7693b2a2a6eed70cb7 authored over 9 years ago by Tim Smith <[email protected]>
Opscode -> Chef, supermarket metadata, additional platforms

95f322be1a6065f3ec42f386b4f654adc5b1aec9 authored over 9 years ago by Tim Smith <[email protected]>
Add badges

3420cc853a615f1ebf7250b7b523dff757601a26 authored over 9 years ago by Tim Smith <[email protected]>
Update ignored files

5fcb7dd81c1267e592945ee1d63abf090a7336e4 authored over 9 years ago by Tim Smith <[email protected]>
Disable a few rules entirely

03d7941a2e2e9809d87656d895eed6d23932b7f4 authored over 9 years ago by Tim Smith <[email protected]>
Remove the version constraint for integration testing

a29ee0714e4c456837885b8900d07f0ddef680de authored over 9 years ago by Tim Smith <[email protected]>
Pin versions and use our standard group list

6c87861c08947181c577fc8b2ac18bcad18d8bf5 authored over 9 years ago by Tim Smith <[email protected]>
Update platforms and A->Z the boxes

5cf877f83f0513ffd2cb2ffc3a08f84805e50ec9 authored over 9 years ago by Tim Smith <[email protected]>
Add copyright to the license

42ebcf7e98eb42827ab0ef859e2bd6789bc59ed7 authored over 9 years ago by Tim Smith <[email protected]>
Let ruby version float in travis

0099204dacc683ceb05774d4a5aa16402bc7b27f authored over 9 years ago by Tim Smith <[email protected]>
Update docs

e6e9b6c51fe56bd6a90c56c9dfa2b6b4ea754dea authored over 9 years ago by Tim Smith <[email protected]>
Release v2.0.2

91406061f660a5454a20c60a4d7b496d6e384c1c authored over 9 years ago by Martin Smith <[email protected]>
Merge pull request #88 from opscode-cookbooks/ci

Work to ensure Travis CI passes

3c4832f3498141287981a8687855531b0d746fc9 authored over 9 years ago by Martin Smith <[email protected]>
Work to ensure Travis CI passes

- Fix chefspec tests (needs more work)
- Correct actions in matchers
- Clean up groups in Gemfil...

71b536ccaed82f5216bbc6725a25f079bc293f2b authored over 9 years ago by Martin Smith <[email protected]>
Release v2.0.1

4e2c438a3bf5b23a0969dabcb6090a85af7d81f6 authored over 9 years ago by Martin Smith <[email protected]>
Add default rule for related/established

- By default, allow related/established on iptables (ufw defaults to this)
- Add `default['firew...

4e12736b29d5c83cbafebbf5cf369424facd3e98 authored over 9 years ago by Martin Smith <[email protected]>
Bump to v2.0.0

a1bf37966dcf50dbed3be8770098509ca8c1fecb authored over 9 years ago by Martin Smith <[email protected]>
Add ipv6 disable option

Add ipv6 toggle for not running ipv6 commands. Fixes #73.

c7729611c41c328b48e145fdcb6fbdedb3e8dcad authored over 9 years ago by Martin Smith <[email protected]>
Major bump to require chef 12

Rewritten to support 'Chef 12 style' for doing providers and resources, RE: #78. The new way to ...

35b235e67bdbe6f46070628cefbbeb83c1773652 authored over 9 years ago by Martin Smith <[email protected]>
Rubocop/Foodcritic cleanup

0934ab3f75fca33561c88a098bfa95bc019e30ef authored over 9 years ago by Martin Smith <[email protected]>
Additional Windows provider work

Introduce Windows firewall support, with much thanks to @svanharmelen.

Includes work from:
http...

e98ed0587c00660550f9e3f32a828b7a9a1979e7 authored over 9 years ago by Martin Smith <[email protected]>
Add support for Windows Firewall

2ffdf44e4e4b41a4e2ea246cf77b59d8c0addca7 authored over 9 years ago by Sander van Harmelen <[email protected]>
Add default enabled/disabled firewalld zones

Add firewall resource parameters for default enabled and disabled firewalld zones.

Fixes #71.

a67bd2b6496add004ea61dc6dea661acde1ebb72 authored over 9 years ago by Martin Smith <[email protected]>
Merge pull request #85 from lmunro/iptables-flush-bugfix

add variable scope to svc in iptables flush.

943463630474286c20b4a17690abdce750898b9c authored over 9 years ago by Martin Smith <[email protected]>
add variable scope to svc in iptables flush.

58af5fbaa7ac4706894c36618daefedf54b609ce authored over 9 years ago by lmunro <[email protected]>
Don't force '-A' on raw rules

We were appending '-A' for raw rules, for no real reason. This removes that limitation.

3db478e53886f1302e7d95ce317533e83fa15317 authored over 9 years ago by Martin Smith <[email protected]>
Add positions for rules to comments

This will further address the issue of being able to debug positional rules.

21c34b376a940ab446a0ca961199b4d60c82d39c authored over 9 years ago by Martin Smith <[email protected]>
Add relative position, remove poise

This is a major rewrite of the firewall cookbook, however tests were only slightly adjusted to r...

126f32479be8119e281848619a37aa1769a68b02 authored over 9 years ago by Martin Smith <[email protected]>
Add chefignore file

5f78badb07783b878de7c834aba1572e2419633f authored over 9 years ago by Tim Smith <[email protected]>
Merge pull request #81 from lmunro/option-to-insert-rule-at-top

insert_at attribute to insert at top or bottom.

0cfb596b4453528cd71a59fc17f5883c4f12a06f authored over 9 years ago by Martin Smith <[email protected]>
insert_at attribute. Currently for iptables only

c26ed9017ea686a9f7412f8ca68e6b2577135ae8 authored over 9 years ago by lmunro <[email protected]>
Release v1.6.1

6d2c3e3ac145a2aa6d05a4719e6e01e853d3f08b authored over 9 years ago by Martin Smith <[email protected]>
Merge pull request #80 from schwing/texas_ranger

Remove additional space after port range

052c900679a71600c94da53d20a1ab8a8657836f authored over 9 years ago by Martin Smith <[email protected]>
Remove extra space after port range

Resolves #79

8e4ac193c6fb8e1abdc172687201fc5d2ae4f8b8 authored over 9 years ago by John Schwinghammer <[email protected]>
Release v1.6.0

d25363b96b766bbf6d6ac2554dbc6e29b09e90be authored over 9 years ago by Martin Smith <[email protected]>
Merge pull request #72 from mdwulit/master

Bug fix: Fixed redirect comparision; cdre-security-centos64-65 …

fd9b2dd7865b6d11e4a373778c8eff598126c014 authored over 9 years ago by Martin Smith <[email protected]>
Removed version bumps and changelog

- We don't bump versions in PRs or write changelogs here, as it creates unnecessary merge confli...

689b558a2c521604595ccd54f655ff44b4a24d23 authored over 9 years ago by Martin Smith <[email protected]>
changelog

d19ed093f0fc1f9453854343200da77239966df1 authored over 9 years ago by 212050466 <[email protected]>
fixed firewalld logic

87256608d721a0fed585c887cf9bed1f98bbc1a8 authored over 9 years ago by 212050466 <[email protected]>
fixed package logic for centos

6f123190ef9dfe4e43de5636edd6eabcfd235eab authored over 9 years ago by 212050466 <[email protected]>
Release v1.5.2

cf5f3af300756b3799452c4163f9a647f97014c4 authored over 9 years ago by Martin Smith <[email protected]>