diff --git a/README.md b/README.md index 8bf113b..dddabac 100644 --- a/README.md +++ b/README.md @@ -19,10 +19,10 @@ Installs iptables and provides a custom resource for adding and removing iptable ## Resources -- [iptables_packages](https://github.com/chef-cookbooks/iptables/tree/master/documentation/iptables_packages.md) -- [iptables_service](https://github.com/chef-cookbooks/iptables/tree/master/documentation/iptables_service.md) -- [iptables_chain](https://github.com/chef-cookbooks/iptables/tree/master/documentation/iptables_chain.md) -- [iptables_rule](https://github.com/chef-cookbooks/iptables/tree/master/documentation/iptables_rule.md) +- [iptables_packages](documentation/iptables_packages.md) +- [iptables_service](documentation/iptables_service.md) +- [iptables_chain](documentation/iptables_chain.md) +- [iptables_rule](documentation/iptables_rule.md) ## Recipes diff --git a/documentation/iptables_chain.md b/documentation/iptables_chain.md index df6af6d..67b14e1 100644 --- a/documentation/iptables_chain.md +++ b/documentation/iptables_chain.md @@ -1,4 +1,4 @@ -[back to resource list](https://github.com/chef-cookbooks/iptables#resources) +[Back to resource list](../README.md#resources) --- 
@@ -12,21 +12,24 @@ As this is an accumalator pattern resource not declaring a chain will have it re ## Actions -`:create` +- `:create` +- `:delete` ## Properties | Name | Type | Default | Description | Allowed Values | --------------------------------- | ----------- | -------- | ----------- | -------------- | +| `config_file` | `String` | The default location on disk of the config file, see resource for details | The full path to find the rules on disk | | +| `owner` | `String` | `root` | Owner of the saved output file | | +| `group` | `String` | `root` | Group of the saved output file | | +| `mode` | `String` | `0644` | Permissions on the saved output file | | +| `template` | `source_template` | `iptables.erb` | Source template to use to create the rules | | +| `cookbook` | `String` | `iptables` | Source cookbook to find the template in | | +| `sensitive` | `true, false` | `false` | mark the resource as senstive | | +| `ip_version` | `Symbol`, `String` | `:ipv4` | The IP version | `:ipv4`, `:ipv6` | | `table` | `Symbol` | `:filter` | The table the chain should exist on | `:filter`, `:mangle`, `:nat`, `:raw`, `:security` | | `chain` | `Symbol` | `nil` | The name of the Chain | | | `value` | `String` | `ACCEPT [0:0]` | The default action and the Packets : Bytes count | | -| `ip_version` | `Symbol` | `:ipv4` | The IP version | `:ipv4`, `:ipv6` | -| `file_mode` | `String` | `0644` | Permissions on the saved output file | | -| `source_template` | `source_template` | `iptables.erb` | Source template to use to create the rules | | -| `cookbook` | `String` | `iptables` | Source cookbook to find the template in | | -| `sensitive` | `true, false` | `false` | mark the resource as senstive | | -| `config_file` | `String` | The default location on disk of the config file, see resource for details | The full path to find the rules on disk | | ## Examples 
@@ -43,7 +46,7 @@ Create a custom chain ```ruby iptables_chain 'filter' do table :filter - chain :LOGGIMG + chain :LOGGING value '- [0:0]' end ``` diff --git a/documentation/iptables_packages.md b/documentation/iptables_packages.md index f2bc6c4..1288613 100644 --- a/documentation/iptables_packages.md +++ b/documentation/iptables_packages.md @@ -1,4 +1,4 @@ -[back to resource list](https://github.com/chef-cookbooks/iptables#resources) +[Back to resource list](../README.md#resources) --- @@ -8,14 +8,17 @@ The `iptables_packages` resource can be used to install the required packages fo ## Actions -`:install` -`:remove` +- `:install` +- `:purge` +- `:reconfig` +- `:remove` +- `:upgrade` ## Properties | Name | Type | Default | Description | Allowed Values | --------------------------------- | ----------- | -------- | ----------- | -------------- | -| `package_names` | `Array` | Correct packages for platfrom | List of packages required for this cookbook to work | | +| `package_names` | `Array` | Correct packages for platfrom | List of packages required for this cookbook to work | | ## Examples diff --git a/documentation/iptables_rule.md b/documentation/iptables_rule.md index 966077f..b25260e 100644 --- a/documentation/iptables_rule.md +++ b/documentation/iptables_rule.md @@ -1,4 +1,4 @@ -[back to resource list](https://github.com/chef-cookbooks/iptables#resources) +[Back to resource list](../README.md#resources) --- 
@@ -14,15 +14,23 @@ If the property `line` is used all other properties around configuring the iptab ## Actions -`:create` +- `:create` +- `:delete` ## Properties | Name | Type | Default | Description | Allowed Values | --------------------------------- | ----------- | -------- | ----------- | -------------- | +| `config_file` | `String` | The default location on disk of the config file, see resource for details | The full path to find the rules on disk | | +| `owner` | `String` | `root` | Owner of the saved output file | | +| `group` | `String` | `root` | Group of the saved output file | | +| `mode` | `String` | `0644` | Permissions on the saved output file | | +| `template` | `source_template` | `iptables.erb` | Source template to use to create the rules | | +| `cookbook` | `String` | `iptables` | Source cookbook to find the template in | | +| `sensitive` | `true, false` | `false` | mark the resource as senstive | | | `table` | `Symbol` | `:filter` | The table the chain exists on for the rule | `:filter`, `:mangle`, `:nat`, `:raw`, `:security` | | `chain` | `Symbol` | `nil` | The name of the Chain to put this rule on | | -| `ip_version` | `Symbol`, `String` | `:ipv4` | The IP version | `:ipv4`, `:ipv6`, `ipv4`, `ipv6` | +| `ip_version` | `Symbol`, `String` | `:ipv4` | The IP version | `:ipv4`, `:ipv6`, `ipv4`, `ipv6` | | `protocol` | `Symbol`, `String`, `Integer` | | The protocol to look for | | | `match` | `String` | | extended packet matching module to use | | | `source` | `String` | | Source specification. Address can be either a network name, a hostname (please note that specifying any name to be resolved with a remote query such as DNS is a really bad idea), a network IP address (with /mask), or a plain IP address. The mask can be either a network mask or a plain number, specifying the number of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent to 255.255.255.0. A "!" 
argument before the address specification inverts the sense of the address. | | @@ -36,11 +44,6 @@ If the property `line` is used all other properties around configuring the iptab | `line` | `String` | | Specify the entire line yourself, overrides all other options | | | `extra_options` | `String` | | Pass in extra arguments which are not available directly, useful with modules | | | `comment` | `String` | | A comment to put on the rule | | -| `file_mode` | `String` | `0644` | Permissions on the saved output file | | -| `source_template` | `source_template` | `iptables.erb` | Source template to use to create the rules | | -| `cookbook` | `String` | `iptables` | Source cookbook to find the template in | | -| `sensitive` | `true, false` | `false` | mark the resource as senstive | | -| `config_file` | `String` | The default location on disk of the config file, see resource for details | The full path to find the rules on disk | | ## Examples diff --git a/documentation/iptables_service.md b/documentation/iptables_service.md index d80f1cd..5b19a7d 100644 --- a/documentation/iptables_service.md +++ b/documentation/iptables_service.md @@ -1,4 +1,4 @@ -[back to resource list](https://github.com/chef-cookbooks/iptables#resources) +[Back to resource list](../README.md#resources) --- 
@@ -8,23 +8,34 @@ The `iptables_service` resource can be used to configure the required service fo ## Actions -`:enable` -`:disable` +- `:start` +- `:stop` +- `:restart` +- `:reload` +- `:enable` +- `:disable` ## Properties | Name | Type | Default | Description | Allowed Values | --------------------------------- | ----------- | -------- | ----------- | -------------- | -| `ip_version` | `Symbol` | `:ipv4` | The IP version | `:ipv4`, `:ipv6` | -| `sysconfig` | `Hash` | Correct default settings | A hash of the config settings for sysconfig, see library for more details | | +| `config_file` | `String` | The default location on disk of the config file, see resource for details | The full path to find the rules on disk | | +| `owner` | `String` | `root` | Owner of the saved output file | | +| `group` | `String` | `root` | Group of the saved output file | | +| `mode` | `String` | `0644` | Permissions on the saved output file | | +| `template` | `source_template` | `iptables.erb` | Source template to use to create the rules | | +| `cookbook` | `String` | `iptables` | Source cookbook to find the template in | | +| `sensitive` | `true, false` | `false` | mark the resource as senstive | | +| `ip_version` | `Symbol`, `String` | `:ipv4` | The IP version | `:ipv4`, `:ipv6` | | `service_name` | `String` | Correct service name | Name of the iptables services | | -| `sysconfig_file_mode` | `String` | `0600` | Permissions on the saved sysconfig file | | - -| `file_mode` | `String` | `0644` | Permissions on the saved rules file | | -| `source_template` | `source_template` | `iptables.erb` | Source template to use to create the rules | | +| `owner` | `String` | `root` | Owner of the saved output file | | +| `group` | `String` | `root` | Group of the saved output file | | +| `mode` | `String` | `0644` | Permissions on the saved rules file | | +| `template` | `source_template` | `iptables.erb` | Source template to use to create the rules | | | `cookbook` | `cookbook` | `iptables` | 
Source cookbook to find the template in | | | `sysconfig_file` | `String` | The default location on disk of the sysconfig file, see resource for details | The full path to find the sysconfig file on disk | | -| `config_file` | `String` | The default location on disk of the config file, see resource for details | The full path to find the rules on disk | | +| `sysconfig_template` | `source_template` | `iptables-config.erb` | Source template to use to create the rules | | +| `sysconfig` | `Hash` | Correct default settings | A hash of the config settings for sysconfig, see library for more details | | ## Examples
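Review bot: in documentation/iptables_chain.md (hunk at -12,21), the `ip_version` row now gives Type `Symbol`, `String`, but its Allowed Values still list only `:ipv4`, `:ipv6`, while the same row in iptables_rule.md also lists `ipv4`, `ipv6`. Make the two tables agree. The hunk also renames two documented properties (`file_mode` becomes `mode`, `source_template` becomes `template`), which is a user-facing change and should be called out in the changelog or in a note under the table. While these rows are being moved, fix `senstive` in the `sensitive` row and check the Type `source_template` on the `template` row, which looks like the old property name left in the type column.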
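Review bot: in documentation/iptables_packages.md (hunk at -8,14), the `package_names` row is removed and re-added but still reads `Correct packages for platfrom`; fix the typo since the line is already being touched. The three actions added here (`:purge`, `:reconfig`, `:upgrade`) are listed bare, and a one-line description of each would tell the reader how they differ from `:install` and `:remove`.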
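Review bot: in documentation/iptables_rule.md (hunks at -14,15 and -36,11), the `ip_version` row is removed and re-added with no visible change in content. If this is only column alignment, say so in the commit message or drop it from the patch. The relocated rows carry over `senstive` and the Type `source_template` on `template`, so the points raised for iptables_chain.md apply here too. The `mode` row documents a default of `0644` for the saved rules file, and the description should say whether that world-readable default is intended, because this table no longer shows any stricter option.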
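Review bot: in documentation/iptables_service.md (hunk at -8,23), the resulting table documents `owner`, `group`, `mode` and `template` twice: once in the block added above `ip_version` and again after `service_name`. `cookbook` also ends up listed twice, once as a new row with Type `String` and once as the retained row with Type `cookbook`. Keep one copy of each and say which file the row applies to. The hunk also removes `sysconfig_file_mode` (default `0600`) without a replacement row, so the permissions of the sysconfig file are no longer documented. State whether the property is gone or renamed, and what mode the file now gets. Finally, the new `sysconfig_template` row reuses the description `Source template to use to create the rules`, which should describe the sysconfig file instead.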