Charm Helpers

Merge lp://staging/~freyes/charm-helpers/ufw into lp://staging/charm-helpers

ufw
Merge into devel

Proposed by Felipe Reyes on 2014-12-04

Status:	Superseded
Proposed branch:	lp://staging/~freyes/charm-helpers/ufw
Merge into:	lp://staging/charm-helpers
Diff against target:	396 lines (+387/-0) 2 files modified charmhelpers/contrib/network/ufw.py (+182/-0) tests/contrib/network/test_ufw.py (+205/-0)
To merge this branch:	bzr merge lp://staging/~freyes/charm-helpers/ufw
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Jorge Niedbalski (community)		2014-12-04	Needs Fixing on 2014-12-04
Review via email: mp+243690@code.staging.launchpad.net

This proposal has been superseded by a proposal from 2014-12-04.

Description of the change

Dear Charmers,

Here I'm proposing a module to manage access to services using ufw, this is a helpful module to secure services that don't provide built-in mechanisms to control accesses (for example memcached).

Here are some examples on how the API is used:

- open SSH port for subnet 10.0.3.0/24:

  >>> from charmhelpers.contrib.network import ufw
  >>> ufw.enable()
  >>> ufw.grant_access(src='10.0.3.0/24', dst='any', port='22', proto='tcp')

- open service by name as defined in /etc/services:

  >>> from charmhelpers.contrib.network import ufw
  >>> ufw.enable()
  >>> ufw.service('ssh', 'open')

- close service by port number:

  >>> from charmhelpers.contrib.network import ufw
  >>> ufw.enable()
  >>> ufw.service('4949', 'close') # munin

Thanks,

Revision history for this message

Jorge Niedbalski (niedbalski) wrote on 2014-12-04:

Felipe,

Thanks again for contributing, please review the inline comments.

Also please add some ipv6 cases to your tests.

Other than that. LGTM.

review: Needs Fixing

lp://staging/~freyes/charm-helpers/ufw updated on 2014-12-04

263. By Felipe Reyes on 2014-12-04: Add IPv6 test
264. By Felipe Reyes on 2014-12-04: Check if uwf is enabled before enabling it, if it's disabled before disable it.