Disable firewall on lambton

author Tom Hughes <tom@compton.nu>

Sun, 6 Sep 2020 16:55:46 +0000 (17:55 +0100)

committer Tom Hughes <tom@compton.nu>

Sun, 6 Sep 2020 16:55:46 +0000 (17:55 +0100)
author Tom Hughes <tom@compton.nu>
Sun, 6 Sep 2020 16:55:46 +0000 (17:55 +0100)
committer Tom Hughes <tom@compton.nu>
Sun, 6 Sep 2020 16:55:46 +0000 (17:55 +0100)
diff --git a/cookbooks/networking/attributes/default.rb b/cookbooks/networking/attributes/default.rb

index 8d5cb035e220ce622f6b0823c4112825dd9dbc49..8edc932793fd21efafea2f69cd947707f19353d4 100644 (file)
--- a/cookbooks/networking/attributes/default.rb
+++ b/cookbooks/networking/attributes/default.rb
@@ -1,3 +1,4 @@
+default[:networking][:firewall][:enabled] = true
  default[:networking][:firewall][:inet] = []
  default[:networking][:firewall][:inet6] = []
  default[:networking][:firewall][:http_rate_limit] = "-"
diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb

index c195251e6803b7fdf3ff65492ada07020759ace8..20a696ceca4d7bf02d93e7b604d55b664a516175 100644 (file)
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -357,10 +357,18 @@ notify_group "shorewall-rules" do
    notifies :create, "template[/etc/shorewall/rules]"
  end
  
-service "shorewall" do
-  action [:enable, :start]
-  supports :restart => true
-  status_command "shorewall status"
+if node[:networking][:firewall][:enabled]
+  service "shorewall" do
+    action [:enable, :start]
+    supports :restart => true
+    status_command "shorewall status"
+  end
+else
+  service "shorewall" do
+    action [:disable, :stop]
+    supports :restart => true
+    status_command "shorewall status"
+  end
  end
  
  template "/etc/logrotate.d/shorewall" do
@@ -484,10 +492,18 @@ unless node.interfaces(:family => :inet6).empty?
      notifies :create, "template[/etc/shorewall6/rules]"
    end
  
-  service "shorewall6" do
-    action [:enable, :start]
-    supports :restart => true
-    status_command "shorewall6 status"
+  if node[:networking][:firewall][:enabled]
+    service "shorewall6" do
+      action [:enable, :start]
+      supports :restart => true
+      status_command "shorewall6 status"
+    end
+  else
+    service "shorewall6" do
+      action [:disable, :stop]
+      supports :restart => true
+      status_command "shorewall6 status"
+    end
    end
  
    template "/etc/logrotate.d/shorewall6" do
diff --git a/roles/lambton.rb b/roles/lambton.rb

index e088dd34611fe89dc21c2a7a7f0124f52f0ad1cf..86c0d322cf87017688bdc47bee44ac0574562618 100644 (file)
--- a/roles/lambton.rb
+++ b/roles/lambton.rb
@@ -7,6 +7,9 @@ default_attributes(
    },
    :location => "Falkenstein, Germany",
    :networking => {
+    :firewall => {
+      :enabled => false
+    },
      :interfaces => {
        :external_ipv4 => {
          :interface => "enp0s31f6",
author	Tom Hughes <tom@compton.nu>
	Sun, 6 Sep 2020 16:55:46 +0000 (17:55 +0100)
committer	Tom Hughes <tom@compton.nu>
	Sun, 6 Sep 2020 16:55:46 +0000 (17:55 +0100)
cookbooks/networking/attributes/default.rb		patch \| blob \| history
cookbooks/networking/recipes/default.rb		patch \| blob \| history
roles/lambton.rb		patch \| blob \| history