From cf7b957b28fdbd9c075034c307efa8816d9cd50a Mon Sep 17 00:00:00 2001
From: Michael Sofaer
Date: Sat, 6 Nov 2010 12:12:33 -0700
Subject: [PATCH] Open port 80
---
 chef/cookbooks/common/files/default/iptables | 21 ++++++++++++++++++++
 chef/cookbooks/common/recipes/iptables.rb | 7 +++++++
 chef/cookbooks/common/recipes/main.rb | 1 +
 3 files changed, 29 insertions(+)
 create mode 100644 chef/cookbooks/common/files/default/iptables
 create mode 100644 chef/cookbooks/common/recipes/iptables.rb
diff --git a/chef/cookbooks/common/files/default/iptables b/chef/cookbooks/common/files/default/iptables
new file mode 100644
index 000000000..8abc9613f
--- /dev/null
+++ b/chef/cookbooks/common/files/default/iptables
@@ -0,0 +1,21 @@
+# Firewall configuration written by system-config-securitylevel
+# Manual customization of this file is not recommended.
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:RH-Firewall-1-INPUT - [0:0]
+-A INPUT -j RH-Firewall-1-INPUT
+-A FORWARD -j RH-Firewall-1-INPUT
+-A RH-Firewall-1-INPUT -i lo -j ACCEPT
+-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
+-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
+-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
+-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
+-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
+-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
+-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
+-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
+COMMIT
diff --git a/chef/cookbooks/common/recipes/iptables.rb b/chef/cookbooks/common/recipes/iptables.rb
new file mode 100644
index 000000000..f31d17a98
--- /dev/null
+++ b/chef/cookbooks/common/recipes/iptables.rb
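Review bot: The ruleset admits CUPS/IPP (`-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT` and its tcp twin), mDNS on 5353 and the IPsec protocols 50/51 from any source, none of which the commit's stated goal of opening port 80 calls for; these lines read as a copy of the system-config-securitylevel desktop template rather than a server policy, and each one is a service that would be reachable from the Internet if it happens to be running. Unless this host prints or terminates IPsec, drop the 631, 5353, `-p 50` and `-p 51` rules so that only loopback, ICMP, established traffic, 22 and 80 are admitted. The header `# Manual customization of this file is not recommended.` is now misleading in the other direction, since Chef will overwrite hand edits on the next converge; I would replace the two header lines with `# Managed by Chef (common::iptables); edit the cookbook file, not this copy.` Port 22 is open to every source, so if the admin network is known a `-s <cidr>` on that rule would be a cheap tightening.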
@@ -0,0 +1,7 @@
+cookbook_file "/etc/sysconfig/iptables" do
+ source "iptables"
+end
+
+execute "restart iptables" do #TODO only do this if the file changes
+ command "/etc/init.d/iptables restart"
+end
diff --git a/chef/cookbooks/common/recipes/main.rb b/chef/cookbooks/common/recipes/main.rb
index dd787e529..cf1322268 100644
--- a/chef/cookbooks/common/recipes/main.rb
+++ b/chef/cookbooks/common/recipes/main.rb
@@ -1 +1,2 @@
+include_recipe "common::iptables"
 include_recipe "common::daemontools"
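Review bot: The `execute "restart iptables"` resource runs on every Chef converge whether or not the cookbook_file changed, as the TODO on that line admits; as far as I recall the RHEL init script's restart stops the service first, which flushes the chains and leaves the default ACCEPT policies in place until the rules are reloaded, so every converge would briefly drop the firewall. Give the execute `action :nothing` and have the file resource trigger it with `notifies :run, "execute[restart iptables]"`, so the reload only happens when the ruleset actually changes. The cookbook_file also sets no ownership or permissions; the ruleset is read by root only, so add `mode "0600"` together with owner and group `root` rather than inheriting whatever the file gets by default. The restart behaviour is from memory rather than anything in the hunk, so confirm it on the target distro before relying on it.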