Today, I released iptables-ng, a cookbook to maintain iptables rules on different machines using chef.

But why another cookbook? There are two fairly often used around

Well, I wanted a tool which can do all the following:

  • Configure iptables rules in a consistent and nice way for all distributions
  • Be configured by using LWRPs only
  • Be configured by using node attributes only
  • Respect the way the currently used distribution stores its rules
  • Provide a good-to-read and good-to-maintain way of deploying complex iptables rulesets
  • Provide a way of specifying the order of the iptables rules, in case needed
  • Only run iptables-restore once during a chef run, and only if something was actually changed
  • Support both IPv4 and IPv6
  • Be able to assemble iptables rules from different recipes (and even cookbooks), so you can set your iptables rule where you actually configure the service
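As an added illustration of the last four goals (explicit rule ordering, a single iptables-restore run only when something changed, IPv4 and IPv6, rules assembled from several recipes), here is a small stand-alone Ruby model written for this post; it is not the cookbook's own code, and the `Rule` struct, the position numbers and the recipe names in the sample are constructed for the example.

```ruby
require 'digest'

# Constructed model of a rule contributed by some recipe: IP version, table,
# chain, a numeric position used for ordering, the rule text, and its source.
Rule = Struct.new(:ip_version, :table, :chain, :position, :rule, :source)

# Render all rules for one IP version into iptables-restore format.
# Rules are sorted by table, chain, position and then source so that the
# output is deterministic no matter which recipe ran first.
def render_ruleset(rules, ip_version, policies: {})
  out = []
  rules.select { |r| r.ip_version == ip_version }.group_by(&:table).sort.each do |table, table_rules|
    out << "*#{table}"
    chains = (table_rules.map(&:chain) + policies.fetch(table, {}).keys).uniq.sort
    chains.each do |chain|
      policy = policies.dig(table, chain) || '-' # '-' for chains without a policy
      out << ":#{chain} #{policy} [0:0]"
    end
    table_rules.sort_by { |r| [r.chain, r.position, r.source] }.each do |r|
      out << "-A #{r.chain} #{r.rule}"
    end
    out << 'COMMIT'
  end
  out.join("\n") + "\n"
end

# iptables-restore should only be invoked when the rendered ruleset differs
# from what was deployed last time; compare digests of the two contents.
def ruleset_changed?(new_content, previous_content)
  Digest::SHA256.hexdigest(new_content) != Digest::SHA256.hexdigest(previous_content.to_s)
end

# Constructed sample: rules contributed by three different "recipes".
RULES = [
  Rule.new(4, 'filter', 'INPUT', 10, '-i lo -j ACCEPT', 'base'),
  Rule.new(4, 'filter', 'INPUT', 20, '-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT', 'base'),
  Rule.new(4, 'filter', 'INPUT', 50, '-p tcp --dport 22 -j ACCEPT', 'ssh'),
  Rule.new(4, 'filter', 'INPUT', 50, '-p tcp --dport 443 -j ACCEPT', 'nginx'),
  Rule.new(6, 'filter', 'INPUT', 10, '-i lo -j ACCEPT', 'base')
].freeze
POLICIES = { 'filter' => { 'INPUT' => 'DROP', 'FORWARD' => 'DROP', 'OUTPUT' => 'ACCEPT' } }.freeze

if __FILE__ == $PROGRAM_NAME
  v4 = render_ruleset(RULES, 4, policies: POLICIES)
  puts v4
  puts "changed: #{ruleset_changed?(v4, nil)}"
end
```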