require "ipaddr"
-node[:networking][:interfaces].each do |name,interface|
- if interface[:role] and role = node[:networking][:roles][interface[:role]]
+node[:networking][:interfaces].each do |name, interface|
+ if interface[:role] && role = node[:networking][:roles][interface[:role]]
if role[interface[:family]]
node.default[:networking][:interfaces][name][:prefix] = role[interface[:family]][:prefix]
node.default[:networking][:interfaces][name][:gateway] = role[interface[:family]][:gateway]
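Review bot: The new `if` line performs an assignment inside the `&&` condition, which reads like a mistyped `==` and relies on Ruby parsing `a && b = c` as `a && (b = c)`. Make the intent explicit with parentheses, `if interface[:role] && (role = node[:networking][:roles][interface[:role]])`, or assign `role` on its own line before the test. The `each` block and the `if` both close outside this hunk.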
owner "root"
group "root"
mode 0644
- notifies :run, resources(:execute => "hostname")
+ notifies :run, "execute[hostname]"
end
template "/etc/hosts" do
end
node.interfaces(:role => :internal) do |interface|
- if interface[:gateway] and interface[:gateway] != interface[:address]
+ if interface[:gateway] && interface[:gateway] != interface[:address]
search(:node, "networking_interfaces*address:#{interface[:gateway]}") do |gateway|
if gateway[:openvpn]
gateway[:openvpn][:tunnels].each_value do |tunnel|
end
end
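Review bot: The search string on the line after the changed `if` interpolates `interface[:gateway]` into the query without escaping, so any character the search syntax treats as special (the colons of an IPv6 address, for example) would change or break the query. If gateways here can only ever be IPv4 literals, record that in a comment such as `# gateway is always a dotted-quad IPv4 address, safe to interpolate`; otherwise escape the value before building the query. The body that consumes `tunnel` is not shown in this hunk.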
-zones = Hash.new
+zones = {}
search(:node, "networking:interfaces").collect do |n|
if n[:fqdn] != node[:fqdn]
n.interfaces.each do |interface|
- if interface[:role] == "external" and interface[:zone]
+ if interface[:role] == "external" && interface[:zone]
zones[interface[:zone]] ||= Hash.new
zones[interface[:zone]][interface[:family]] ||= Array.new
zones[interface[:zone]][interface[:family]] << interface[:address]
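Review bot: `zones` is filled from attributes that other nodes report about themselves, and it is later handed to the shorewall hosts templates through `variables :zones => zones`, yet neither `interface[:zone]` nor `interface[:address]` is checked before use. Since `ipaddr` is already required at the top of the recipe, parse each address with `IPAddr.new` and skip entries that raise, and accept only zone names from a fixed list, so a misconfigured or tampered node record cannot widen this host's firewall zones. Two smaller points: `search(...).collect` is used only for its side effects and would read better as `each`, and the `||= Hash.new` / `||= Array.new` lines still use the form this commit replaces with `{}` on the `zones` line. The blocks opened here close outside the hunk.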
owner "root"
group "root"
mode 0644
- notifies :restart, resources(:service => "shorewall")
+ notifies :restart, "service[shorewall]"
end
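Review bot: `mode 0644` is written as a bare integer literal and leaves the file readable by every local account. Chef's documentation recommends the quoted form, `mode "0644"`, because an integer written without the leading zero is silently read as decimal. For the shorewall and shorewall6 files it is also worth deciding whether unprivileged users need to read the firewall policy at all, and using `mode "0640"` if they do not. The same lines appear in the other template resources in this diff, and this resource's opening line is outside the hunk.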
template "/etc/shorewall/shorewall.conf" do
owner "root"
group "root"
mode 0644
- notifies :restart, resources(:service => "shorewall")
+ notifies :restart, "service[shorewall]"
end
template "/etc/shorewall/zones" do
group "root"
mode 0644
variables :type => "ipv4"
- notifies :restart, resources(:service => "shorewall")
+ notifies :restart, "service[shorewall]"
end
template "/etc/shorewall/interfaces" do
owner "root"
group "root"
mode 0644
- notifies :restart, resources(:service => "shorewall")
+ notifies :restart, "service[shorewall]"
end
template "/etc/shorewall/hosts" do
group "root"
mode 0644
variables :zones => zones
- notifies :restart, resources(:service => "shorewall")
+ notifies :restart, "service[shorewall]"
end
template "/etc/shorewall/policy" do
owner "root"
group "root"
mode 0644
- notifies :restart, resources(:service => "shorewall")
+ notifies :restart, "service[shorewall]"
end
template "/etc/shorewall/rules" do
owner "root"
group "root"
mode 0644
- variables :family => "inet", :rules => []
- notifies :restart, resources(:service => "shorewall")
+ variables :rules => []
+ notifies :restart, "service[shorewall]"
end
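Review bot: Dropping `:family => "inet"` from `variables` is only safe if the rules template no longer reads `@family`. That template is not part of this diff, and an unset instance variable in ERB evaluates to nil without raising, so a stale reference would silently render empty text into `/etc/shorewall/rules`. Please confirm the template was updated in the same change; the same applies to the `/etc/shorewall6/rules` resource further down, which loses `:family => "inet6"`.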
firewall_rule "limit-icmp-echo" do
dest "fw"
proto "icmp"
dest_ports "echo-request"
- if node[:lsb][:release].to_f >= 10.04
- rate_limit "s:1/sec:5"
- else
- rate_limit "1/sec:5"
- end
+ rate_limit "s:1/sec:5"
end
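Review bot: With the release check removed, `rate_limit "s:1/sec:5"` is now applied on every node, while the deleted branch used that form only when `node[:lsb][:release]` was 10.04 or later. If every managed host is known to be newer, a short comment recording that would help, e.g. `# "s:" limits per source address; all nodes run a shorewall that accepts this syntax`. Otherwise an older host would receive a rule its shorewall may reject. The `limit-icmp6-echo` rule further down has the same change.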
-[ "ucl", "ic", "bm" ].each do |zone|
+%w(ucl ic bm).each do |zone|
firewall_rule "accept-openvpn-#{zone}" do
action :accept
family :inet
owner "root"
group "root"
mode 0644
- notifies :restart, resources(:service => "shorewall")
+ notifies :restart, "service[shorewall]"
end
else
file "/etc/shorewall/masq" do
action :delete
- notifies :restart, resources(:service => "shorewall")
+ notifies :restart, "service[shorewall]"
end
end
-if not node.interfaces(:family => :inet6).empty?
+unless node.interfaces(:family => :inet6).empty?
package "shorewall6"
service "shorewall6" do
owner "root"
group "root"
mode 0644
- notifies :restart, resources(:service => "shorewall6")
+ notifies :restart, "service[shorewall6]"
end
template "/etc/shorewall6/shorewall6.conf" do
owner "root"
group "root"
mode 0644
- notifies :restart, resources(:service => "shorewall6")
+ notifies :restart, "service[shorewall6]"
end
template "/etc/shorewall6/zones" do
group "root"
mode 0644
variables :type => "ipv6"
- notifies :restart, resources(:service => "shorewall6")
+ notifies :restart, "service[shorewall6]"
end
template "/etc/shorewall6/interfaces" do
owner "root"
group "root"
mode 0644
- notifies :restart, resources(:service => "shorewall6")
+ notifies :restart, "service[shorewall6]"
end
template "/etc/shorewall6/hosts" do
group "root"
mode 0644
variables :zones => zones
- notifies :restart, resources(:service => "shorewall6")
+ notifies :restart, "service[shorewall6]"
end
template "/etc/shorewall6/policy" do
owner "root"
group "root"
mode 0644
- notifies :restart, resources(:service => "shorewall6")
+ notifies :restart, "service[shorewall6]"
end
template "/etc/shorewall6/rules" do
owner "root"
group "root"
mode 0644
- variables :family => "inet6", :rules => []
- notifies :restart, resources(:service => "shorewall6")
+ variables :rules => []
+ notifies :restart, "service[shorewall6]"
end
firewall_rule "limit-icmp6-echo" do
dest "fw"
proto "ipv6-icmp"
dest_ports "echo-request"
- if node[:lsb][:release].to_f >= 10.04
- rate_limit "s:1/sec:5"
- else
- rate_limit "1/sec:5"
- end
+ rate_limit "s:1/sec:5"
end
end