From: Tom Hughes Date: Sun, 6 Sep 2020 16:55:46 +0000 (+0100) Subject: Disable firewall on lambton X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/dcccc2dc1ebc77dd2254a23af97bcfb270b760be Disable firewall on lambton
---
diff --git a/cookbooks/networking/attributes/default.rb b/cookbooks/networking/attributes/default.rb
index 8d5cb035e..8edc93279 100644
--- a/cookbooks/networking/attributes/default.rb
+++ b/cookbooks/networking/attributes/default.rb
@@ -1,3 +1,4 @@
+default[:networking][:firewall][:enabled] = true
 default[:networking][:firewall][:inet] = []
 default[:networking][:firewall][:inet6] = []
 default[:networking][:firewall][:http_rate_limit] = "-"
diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index c195251e6..20a696cec 100644
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -357,10 +357,18 @@ notify_group "shorewall-rules" do
 notifies :create, "template[/etc/shorewall/rules]"
 end
 
-service "shorewall" do
- action [:enable, :start]
- supports :restart => true
- status_command "shorewall status"
+if node[:networking][:firewall][:enabled]
+ service "shorewall" do
+ action [:enable, :start]
+ supports :restart => true
+ status_command "shorewall status"
+ end
+else
+ service "shorewall" do
+ action [:disable, :stop]
+ supports :restart => true
+ status_command "shorewall status"
+ end
 end
 
 template "/etc/logrotate.d/shorewall" do
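Review bot: The new `default[:networking][:firewall][:enabled]` attribute in cookbooks/networking/attributes/default.rb has no comment saying what setting it to `false` does, although the recipe change in this commit makes it the switch that stops both packet filters. I would add above it `# false stops and disables the shorewall and shorewall6 services on the node`. Defaulting to `true` keeps every node that does not set the attribute on the existing filtered path.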
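Review bot: The two `service "shorewall"` blocks in the new if/else of cookbooks/networking/recipes/default.rb differ only in their `action` line, so a later edit to `supports` or `status_command` has to be made twice or the enabled and disabled paths drift apart. A single resource with `action node[:networking][:firewall][:enabled] ? [:enable, :start] : [:disable, :stop]` keeps one definition of the service. The `service "shorewall6"` hunk at new line 492 has the same duplication, inside an `unless` block that opens above that hunk.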
@@ -484,10 +492,18 @@ unless node.interfaces(:family => :inet6).empty?
 notifies :create, "template[/etc/shorewall6/rules]"
 end
 
- service "shorewall6" do
- action [:enable, :start]
- supports :restart => true
- status_command "shorewall6 status"
+ if node[:networking][:firewall][:enabled]
+ service "shorewall6" do
+ action [:enable, :start]
+ supports :restart => true
+ status_command "shorewall6 status"
+ end
+ else
+ service "shorewall6" do
+ action [:disable, :stop]
+ supports :restart => true
+ status_command "shorewall6 status"
+ end
 end
 
 template "/etc/logrotate.d/shorewall6" do
diff --git a/roles/lambton.rb b/roles/lambton.rb
index e088dd346..86c0d322c 100644
--- a/roles/lambton.rb
+++ b/roles/lambton.rb
@@ -7,6 +7,9 @@ default_attributes(
 },
 :location => "Falkenstein, Germany",
 :networking => {
+ :firewall => {
+ :enabled => false
+ },
 :interfaces => {
 :external_ipv4 => {
 :interface => "enp0s31f6",
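Review bot: The `action [:disable, :stop]` branch for `service "shorewall6"` (and the matching branch for `shorewall` earlier in the recipe) does not pin down what ruleset is left in the kernel once the service is stopped. Shorewall distinguishes `stop`, which by default leaves a restrictive stopped-state ruleset, from `clear`, which removes the rules, and which of the two the service's stop action runs is not visible in this diff. A comment on the else branch such as `# :stop runs the unit's stop command; confirm whether that is "stop" or "clear"` would record the assumption, and the resulting ruleset is worth checking on the node after the first run. The enclosing `unless node.interfaces(:family => :inet6).empty?` block starts outside the hunk.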
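Review bot: `:enabled => false` in roles/lambton.rb turns the host firewall off for this node, and nothing visible in the hunk or the commit message says why or what filters the machine instead. A comment next to it, for example `# firewall off: <reason>; traffic filtered by <upstream control>`, would let a later reader judge whether the exception is still needed. The `default_attributes(` call opens above the hunk and closes below it.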