Book Image

Chef Infrastructure Automation Cookbook

By : Matthias Marschall
Book Image

Chef Infrastructure Automation Cookbook

By: Matthias Marschall

Overview of this book

Table of Contents (14 chapters)
Chef Infrastructure Automation Cookbook Second Edition
About the Author
About the Reviewers

Managing firewalls with iptables

Securing your servers is very important. One basic way of shutting down quite a few attack vectors is running a firewall on your nodes. The firewall will make sure that only those network connections that hit the services you decide to allow are accepted.

On Ubuntu, iptables is one of the tools available for the job. Let's see how to set it up to make your servers more secure.

Getting ready

Make sure that you have a cookbook called my_cookbook and that the run_list of your node includes my_cookbook, as described in the Creating and using cookbooks recipe in Chapter 1, Chef Infrastructure.

Create your Berksfile in your Chef repository including my_cookbook:

mma@laptop:~/chef-repo $ subl Berksfile
cookbook 'my_cookbook', path: './cookbooks/my_cookbook'

How to do it...

Let's set up iptables so that it blocks all network connections to your node and only accepts connections to the SSH and HTTP ports:

  1. Edit your cookbook's metadata.rb:

    mma@laptop:~/chef-repo $ subl cookbooks...