From 6fd0a57fdfb0f6f3f7b49dffc12551de6ac85cdb Mon Sep 17 00:00:00 2001
From: James Barnett
Date: Thu, 6 Jul 2017 17:08:33 -0500
Subject: [PATCH] Configure iptables for other services.
---
 .../metasploitable/attributes/default.rb | 19 ++++++++++---------
 .../metasploitable/recipes/iptables.rb | 10 ++++++----
 2 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/chef/cookbooks/metasploitable/attributes/default.rb b/chef/cookbooks/metasploitable/attributes/default.rb
index 3531855..f836c0b 100644
--- a/chef/cookbooks/metasploitable/attributes/default.rb
+++ b/chef/cookbooks/metasploitable/attributes/default.rb
@@ -9,12 +9,13 @@ default[:metasploitable][:docker_users] = ['boba_fett',
 default[:metasploitable][:files_path] = '/vagrant/chef/cookbooks/metasploitable/files/'
-default[:metasploitable][:ports][:cups] = 631
-default[:metasploitable][:ports][:apache] = 80
-default[:metasploitable][:ports][:unrealircd] = 6697
-default[:metasploitable][:ports][:proftpd] = 21
-default[:metasploitable][:ports][:mysql] = 3306
-default[:metasploitable][:ports][:chatbot][:ui] = default[:metasploitable][:ports][:apache]
-default[:metasploitable][:ports][:chatbot][:nodejs] = 3000
-default[:metasploitable][:ports][:chatbot][:ruby] = 8181
-default[:metasploitable][:ports][:samba] = 445
+default[:metasploitable][:ports] = { :cups => 631,
+ :apache => 80,
+ :unrealircd => 6697,
+ :proftpd => 21,
+ :mysql => 3306,
+ :chatbot_ui => 80,
+ :chatbot_nodejs => 3000,
+ :ruby => 8181,
+ :samba => 445
+}
diff --git a/chef/cookbooks/metasploitable/recipes/iptables.rb b/chef/cookbooks/metasploitable/recipes/iptables.rb
index 665be73..12e4ed6 100644
--- a/chef/cookbooks/metasploitable/recipes/iptables.rb
+++ b/chef/cookbooks/metasploitable/recipes/iptables.rb
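Review bot: Flattening the hash renames the attribute paths, so any recipe that still reads `node[:metasploitable][:ports][:chatbot][:ui]`, `[:chatbot][:nodejs]` or `[:chatbot][:ruby]` now gets nil — I cannot see other recipes from here, so treat this as something to grep for rather than a confirmed break. `:chatbot_ui => 80` also hard-codes a value that used to follow `:apache`, so the two can drift silently; if the UI really sits behind Apache, derive it after the literal, `default[:metasploitable][:ports][:chatbot_ui] = default[:metasploitable][:ports][:apache]`. On naming, `:ruby` lost the `chatbot_` prefix its siblings kept; `:chatbot_ruby` would keep the group recognisable. Since the iptables recipe opens one ACCEPT per key, the duplicated 80 only yields a duplicate rule, which is harmless.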
@@ -9,12 +9,14 @@ execute "apt-get update" do
 end
 bash 'setup for knockd, used for flag' do
- code 'iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP'
- code 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
+ code_to_execute = ""
+ code_to_execute << "iptables -A FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP\n"
+ code_to_execute << "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n"
 node[:metasploitable][:ports].keys.each do |service|
- code "iptables -A INPUT -p tcp --dport #{node[:metasploitable][:ports][service]} -j ACCEPT"
+ code_to_execute << "iptables -A INPUT -p tcp --dport #{node[:metasploitable][:ports][service.to_sym]} -j ACCEPT\n"
 end
- code 'iptables -A INPUT -j DROP'
+ code_to_execute << "iptables -A INPUT -j DROP\n"
+ code code_to_execute
 end
 package 'iptables-persistent' do
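Review bot: The generated script ends with `iptables -A INPUT -j DROP`, but nothing before it accepts loopback (`-i lo`) or TCP 22, and 22 is not in the ports hash this loop iterates; the conntrack rule keeps the current Vagrant session alive, but a later `vagrant ssh`/`vagrant provision` and local-only traffic to unlisted ports would be dropped unless a rule outside this hunk allows them. The resource also has no guard, so each converge appends the whole rule set again, and because the script has no `set -e` a failing line is silently skipped — which matters here because `iptables -A FORWARD 1 ...` is malformed (`-A` takes no rule number; `-I FORWARD 1` does) and, as far as I can tell, never actually ran before this change since only the last `code` call in the block took effect. I would open the script with `set -e`, accept `lo` and 22 before the final DROP, and guard the resource with `not_if 'iptables -C INPUT -j DROP'` (`-C` needs a reasonably recent iptables); whether the knockd rule really belongs in FORWARD rather than INPUT on a single host is for the author to confirm.
```ruby
bash 'setup for knockd, used for flag' do
  code_to_execute = "set -e\n"
  code_to_execute << "iptables -I FORWARD 1 -p tcp -m tcp --dport 8989 -j DROP\n"
  code_to_execute << "iptables -A INPUT -i lo -j ACCEPT\n"
  code_to_execute << "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n"
  code_to_execute << "iptables -A INPUT -p tcp --dport 22 -j ACCEPT\n"
  # … unchanged: per-service ACCEPT loop over node[:metasploitable][:ports] …
  code_to_execute << "iptables -A INPUT -j DROP\n"
  code code_to_execute
  not_if 'iptables -C INPUT -j DROP'
end
```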