Improve PacketFilter role
Replace hards IP with variable Add a README file
This commit is contained in:
parent
48ea75957d
commit
8a2111561f
3 changed files with 23 additions and 1 deletions
13
roles/pf/README.md
Normal file
13
roles/pf/README.md
Normal file
|
@ -0,0 +1,13 @@
|
|||
# PacketFilter
|
||||
|
||||
Custom configuration of PacketFilter.
|
||||
|
||||
## Tasks
|
||||
|
||||
Everything is in the `tasks/main.yml` file.
|
||||
|
||||
## Available variables
|
||||
|
||||
* `pf_trusted_ips` : list of IP trusted for important access (default: all).
|
||||
|
||||
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
9
roles/pf/defaults/main.yml
Normal file
9
roles/pf/defaults/main.yml
Normal file
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
|
||||
pf_default_trusted_ips: []
|
||||
pf_additional_trusted_ips: []
|
||||
# and default to ['0.0.0.0/0'] if the result is still empty
|
||||
pf_trusted_ips:
|
||||
"{{ pf_default_trusted_ips | union(pf_additional_trusted_ips)
|
||||
| unique | join(', ')
|
||||
| default(['0.0.0.0/0'], true) }}"
|
|
@ -12,7 +12,7 @@ ext_if="{{ ansible_default_ipv4.device }}"
|
|||
###########################
|
||||
|
||||
# Evolix
|
||||
table <evolix> { 88.179.18.233, 31.170.9.129, 31.170.8.4 }
|
||||
table <evolix> { {{ pf_trusted_ips }} }
|
||||
|
||||
# Port en entrée
|
||||
# 2222 = ssh secondaire
|
||||
|
|
Loading…
Reference in a new issue