Wild mixtures of questions #249
Comments
This is an old cookbook that needs a lot of updating to be modernized per resource-cookbook-driven designs. With that, old OSes like Ubuntu 14.04 that are EOL could have support dropped, further simplifying this cookbook. There have been talks about whether this cookbook should be updated or split up into separate cookbooks based on the firewall type. One cookbook for all firewalls is very ambitious and difficult to support. At the very least, separating out each firewall into separate resources will make it easier to manage and maintain, and moves the onus as to which firewall resource to use onto the user's wrapper cookbook and out of this cookbook's logic.
Ok, that is useful information. It also leads to many more questions:
Again, feedback on my thoughts is very welcome.
Thanks for your patience, it is all starting to make sense now. Since the first version of #242, I had already familiarized myself with the new resource design. So I just updated #242:
Once again, I would very much welcome any feedback on whether I actually got it right.
Looks good, just have to fix the failing pipeline jobs and it should be ready to be approved.
This looks closable @bmhughes, the related PR has been merged. |
This might become a little messy, but I have the feeling that I now have sufficient understanding of this cookbook to ask some questions:
- `ubuntu <= 14.04` and `ubuntu > 14.04`? They only differ in the service name (`netfilter-persistent` vs `iptables-persistent`). This could be fixed easily by adding a method `iptables_servicename` to `libraries/helpers_iptables` which does the distinction based on the method `value_for_platform`.
- `libraries/provider_firewall_iptables.rb` and `libraries/provider_firewall_iptables_ubuntu.rb`? This will require more work, but it should still be possible.
- `edit_resource` methods.
- `firewall_rule`-resource search the resource_collection for `firewall['default']`, which then again searches the resource_collection for all `firewall_rule`s to accumulate all the rules? This should be possible by adding all the rules to the `firewall` resource from the `firewall_rule`s directly without needing to search the resource_collection again. However, this would be quite a lot of work.
- `firewalld`-cookbook can be adopted. It offers many features that could be used in this cookbook, and it would be a better way to handle `firewalld` with this cookbook. Right now, if one were to use this cookbook to configure `firewalld` on a more recent distribution, this cookbook would generate iptables rules via the `firewalld` direct interface, which would result in iptables rules on the OS which would then be converted to nftables.
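As an added example (not the firewall cookbook's own code), here is the helper that the first question proposes, written in plain Ruby so it runs without Chef. The module name `FirewallHelpersIptables`, the constant `UBUNTU_LAST_IPTABLES_PERSISTENT` and the `supported?` method are names assumed here; a hash of Ohai-style attributes (`platform`, `platform_family`, `platform_version`) stands in for the node object that the real `value_for_platform` DSL method needs; the mapping of Ubuntu `<= 14.04` to `iptables-persistent` and `> 14.04` to `netfilter-persistent` follows the issue text, and `iptables` for the rhel family is the classic iptables-services unit. The point worth seeing is the version comparison: persisting rules through the wrong service name means the ruleset is gone after the next reboot, and a naive string comparison of release numbers picks the wrong branch for single-digit releases.

```ruby
# Added example, not code from the chef firewall cookbook: one helper that
# picks the service which saves/restores iptables rules, keyed on the platform
# and release, so a single provider can replace the two near-identical ones.
#
# Assumptions: a plain hash with Ohai attribute names stands in for the Chef
# node object; Ubuntu <= 14.04 -> 'iptables-persistent', > 14.04 ->
# 'netfilter-persistent' (from the issue text); rhel family -> 'iptables'.
require 'rubygems' # Gem::Version, for numeric rather than string comparison

module FirewallHelpersIptables
  # Last Ubuntu release that still ships the 'iptables-persistent' service name.
  UBUNTU_LAST_IPTABLES_PERSISTENT = Gem::Version.new('14.04')

  # Returns the name of the service that persists iptables rules on +node+.
  # Raises on platforms it does not know, so a run fails loudly instead of
  # converging with rules that silently vanish at the next reboot.
  def self.iptables_servicename(node)
    platform = node['platform'].to_s
    family   = node['platform_family'].to_s
    version  = Gem::Version.new(node['platform_version'].to_s)

    if platform == 'ubuntu'
      # Gem::Version compares segment by segment, so '9.04' < '14.04' here,
      # whereas a String comparison would rank '9.04' above '14.04'.
      version <= UBUNTU_LAST_IPTABLES_PERSISTENT ? 'iptables-persistent' : 'netfilter-persistent'
    elsif family == 'rhel'
      'iptables'
    else
      raise ArgumentError, "no known iptables persistence service for #{platform} #{version}"
    end
  end

  # True when the helper can persist rules on this platform; lets a wrapper
  # cookbook decide early whether to use this backend or firewalld instead.
  def self.supported?(node)
    iptables_servicename(node)
    true
  rescue ArgumentError
    false
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample nodes, not real Ohai output.
  [
    { 'platform' => 'ubuntu', 'platform_family' => 'debian', 'platform_version' => '14.04' },
    { 'platform' => 'ubuntu', 'platform_family' => 'debian', 'platform_version' => '18.04' },
    { 'platform' => 'centos', 'platform_family' => 'rhel',   'platform_version' => '7.9' },
  ].each do |node|
    puts "#{node['platform']} #{node['platform_version']}: #{FirewallHelpersIptables.iptables_servicename(node)}"
  end
end
```

In a real cookbook the `node` argument would be the Chef node and the method would live under `libraries/`, where the provider calls it to build its `service` resource; the fail-loud branch is what keeps an unsupported platform from ending up with no persistence at all.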