From 2681d6680f2fc9663ff3ffd562c0bc78ab6eb114 Mon Sep 17 00:00:00 2001
From: nilsver <nverschaeve@redborder.com>
Date: Wed, 16 Oct 2024 11:27:12 +0100
Subject: [PATCH] add firewall cookbook

---
 resources/attributes/default.rb | 2 ++
 resources/metadata.rb           | 1 +
 resources/recipes/configure.rb  | 8 ++++++++
 3 files changed, 11 insertions(+)

diff --git a/resources/attributes/default.rb b/resources/attributes/default.rb
index cb35319..f61af2c 100644
--- a/resources/attributes/default.rb
+++ b/resources/attributes/default.rb
@@ -65,6 +65,7 @@
 default['redborder']['services']['clamav'] = true
 default['redborder']['services']['chrony'] = true
 default['redborder']['services']['redborder-exporter'] = true
+default['redborder']['services']['firewall'] = true
 
 default['redborder']['systemdservices']['chef-client'] = ['chef-client']
 default['redborder']['systemdservices']['redborder-monitor'] = ['redborder-monitor']
@@ -74,3 +75,4 @@
 default['redborder']['systemdservices']['barnyard2'] = ['barnyard2']
 default['redborder']['systemdservices']['redborder-exporter'] = ['rb-exporter']
 default['redborder']['systemdservices']['chrony'] = ['chronyd']
+default['redborder']['systemdservices']['firewall'] = ['firewalld']
diff --git a/resources/metadata.rb b/resources/metadata.rb
index c82022b..c289cbf 100644
--- a/resources/metadata.rb
+++ b/resources/metadata.rb
@@ -20,3 +20,4 @@
 depends 'rb-clamav'
 depends 'rb-chrony'
 depends 'rb-exporter'
+depends 'rb-firewall'
diff --git a/resources/recipes/configure.rb b/resources/recipes/configure.rb
index 3de52db..e77e75e 100644
--- a/resources/recipes/configure.rb
+++ b/resources/recipes/configure.rb
@@ -44,6 +44,14 @@
   end
 end
 
+rb_firewall_config 'Configure Firewall' do
+  if ips_services['firewall']
+    action :add
+  else
+    action :remove
+  end
+end
+
 node.normal['redborder']['chef_client_interval'] = 300
 
 directory '/etc/snortpcaps' do