[chef] AFW, Chef and Netfilter


  • From: Julien Vehent < >
  • To: Chef < >
  • Subject: [chef] AFW, Chef and Netfilter
  • Date: Tue, 13 Nov 2012 18:23:57 -0500

Hi everyone,

Last Friday I gave a talk at Security BSides Delaware on building dynamic firewalls with Chef and Netfilter. It's essentially a presentation of the AFW cookbook (https://github.com/jvehent/AFW/) that we have been developing at AWeber for the past 6 months.

The video is here: https://vimeo.com/53423330

I know from discussions on #chef that some folks are using similar techniques in their own firewall cookbooks. I would be curious to hear about what approach people are taking to configure them:
- Do you use static rules?
- Do you use searches?
- How do you tell database-B to accept connections from API-A?

I also had an interesting question from a post-talk discussion: would it be possible to use Chef to configure a Cisco firewall? I'm not sure how that would work... maybe run chef-client on a VM that mimics the Cisco device, and that pushes the rules to the appliance using tftp? If you have ideas/thoughts, I'm definitely interested!

Cheers,
Julien

--
Julien Vehent - http://jve.linuxwall.info

