
Improve PacketFilter role

Replace hard IPs with variable
Add a README file
dev
Jérémy Dubois 4 months ago
parent
commit
8a2111561f
  1. 13
      roles/pf/README.md
  2. 9
      roles/pf/defaults/main.yml
  3. 2
      roles/pf/templates/pf.conf.j2

13
roles/pf/README.md

@ -0,0 +1,13 @@
# PacketFilter
Custom configuration of PacketFilter.
## Tasks
Everything is in the `tasks/main.yml` file.
## Available variables
* `pf_trusted_ips` : list of IP trusted for important access (default: all).
The full list of variables (with default values) can be found in `defaults/main.yml`.
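Review bot: the variables section lists only `pf_trusted_ips`, but `defaults/main.yml` in this commit computes it from `pf_default_trusted_ips` and `pf_additional_trusted_ips`, which are the two a user would actually set; document those two here. It would also help to spell out that "default: all" means `0.0.0.0/0`, since this list gates "important access", and to say that the computed value is a comma-separated string rather than a list.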

9
roles/pf/defaults/main.yml

@ -0,0 +1,9 @@
---
pf_default_trusted_ips: []
pf_additional_trusted_ips: []
# and default to ['0.0.0.0/0'] if the result is still empty
pf_trusted_ips:
"{{ pf_default_trusted_ips | union(pf_additional_trusted_ips)
| unique | join(', ')
| default(['0.0.0.0/0'], true) }}"
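Review bot: the `default(['0.0.0.0/0'], true)` fallback on `pf_trusted_ips` fails open: with both input lists left at their `[]` defaults, the trusted table matches every IPv4 address. Consider failing the play (for example with an `assert` task) when no trusted IP is configured, or making the open fallback an explicit opt-in. The expression also mixes types: `join(', ')` returns a string while the fallback is a list, so the template can receive two different shapes; use the string `'0.0.0.0/0'` as the fallback, or keep the variable a list and join in the template. Minor: `unique` after `union` is redundant, since `union` already returns distinct items.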

2
roles/pf/templates/pf.conf.j2

@ -12,7 +12,7 @@ ext_if="{{ ansible_default_ipv4.device }}"
###########################
# Evolix
table <evolix> { 88.179.18.233, 31.170.9.129, 31.170.8.4 }
table <evolix> { {{ pf_trusted_ips }} }
# Port en entrée
# 2222 = ssh secondaire
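Review bot: on the `table <evolix>` line, the three addresses that were hard-coded are not carried over anywhere in this commit (`pf_default_trusted_ips` is `[]`), so a host whose inventory does not set the new variables goes from three trusted addresses to the `0.0.0.0/0` fallback on the next run. Either ship the previous addresses as the value of `pf_default_trusted_ips` or call out the required inventory change in the README. The raw `{{ pf_trusted_ips }}` also depends on the variable already being a comma-separated string; joining here, `{{ pf_trusted_ips | join(', ') }}`, would let the variable stay a list as the README describes it.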
