forked from evolix/ansible-roles
75 lines
2.4 KiB
YAML
75 lines
2.4 KiB
YAML
---
|
|
|
|
# Deprecated variable
|
|
# minifirewall_main_file: /etc/default/minifirewall
|
|
|
|
minifirewall_tail_file: zzz-tail
|
|
minifirewall_tail_included: False
|
|
minifirewall_tail_force: True
|
|
|
|
# Overwrite files completely
|
|
minifirewall_force_upgrade_script: False
|
|
minifirewall_force_upgrade_config: False
|
|
|
|
# Update specific values in configuration
|
|
minifirewall_update_config: True
|
|
|
|
minifirewall_git_url: "https://forge.evolix.org/minifirewall.git"
|
|
minifirewall_checkout_path: "/tmp/minifirewall"
|
|
minifirewall_int: "{{ ansible_default_ipv4.interface }}"
|
|
minifirewall_ipv6: "on"
|
|
minifirewall_intlan: "{{ ansible_default_ipv4.address }}/32"
|
|
minifirewall_docker: "off"
|
|
|
|
minifirewall_default_trusted_ips: []
|
|
minifirewall_additional_trusted_ips: []
|
|
# and default to ['0.0.0.0/0', '::/0'] if the result is still empty
|
|
minifirewall_trusted_ips: "{{ minifirewall_default_trusted_ips | union(minifirewall_additional_trusted_ips) | unique | default(['0.0.0.0/0', '::/0'], true) }}"
|
|
minifirewall_privilegied_ips: []
|
|
|
|
minifirewall_protected_ports_tcp: [22]
|
|
minifirewall_protected_ports_udp: []
|
|
minifirewall_public_ports_tcp: [25, 53, 443, 993, 995, 22222]
|
|
minifirewall_public_ports_udp: [53]
|
|
minifirewall_semipublic_ports_tcp: [20, 21, 22, 80, 110, 143]
|
|
minifirewall_semipublic_ports_udp: []
|
|
minifirewall_private_ports_tcp: [5666]
|
|
minifirewall_private_ports_udp: []
|
|
|
|
# Keep a null value to leave the setting as is
|
|
# otherwise use an Array, eg. "minifirewall_ssh_ok: ['0.0.0.0/0', '::/0']"
|
|
minifirewall_dns_servers: Null
|
|
minifirewall_http_sites: Null
|
|
minifirewall_https_sites: Null
|
|
minifirewall_ftp_sites: Null
|
|
minifirewall_ssh_ok: Null
|
|
minifirewall_smtp_ok: Null
|
|
minifirewall_smtp_secure_ok: Null
|
|
minifirewall_ntp_ok: Null
|
|
|
|
minifirewall_proxy: "off"
|
|
minifirewall_proxyport: 8888
|
|
minifirewall_proxybypass:
|
|
- "${INTLAN}"
|
|
- "127.0.0.0/8"
|
|
- "::1/128"
|
|
minifirewall_backupservers: Null
|
|
|
|
minifirewall_sysctl_icmp_echo_ignore_broadcasts : Null
|
|
minifirewall_sysctl_icmp_ignore_bogus_error_responses : Null
|
|
minifirewall_sysctl_accept_source_route : Null
|
|
minifirewall_sysctl_tcp_syncookies : Null
|
|
minifirewall_sysctl_icmp_redirects : Null
|
|
minifirewall_sysctl_rp_filter : Null
|
|
minifirewall_sysctl_log_martians : Null
|
|
|
|
minifirewall_autostart: False
|
|
minifirewall_restart_if_needed: True
|
|
minifirewall_restart_force: False
|
|
|
|
minifirewall_force_update_nrpe_scripts: False
|
|
|
|
evomaintenance_hosts: []
|
|
|
|
nagios_plugins_directory: "/usr/local/lib/nagios/plugins"
|