Improve PacketFilter role

Replace hards IP with variable
Add a README file
This commit is contained in:
Jérémy Dubois 2020-12-10 19:23:18 +01:00
parent 48ea75957d
commit 8a2111561f
3 changed files with 23 additions and 1 deletions

13
roles/pf/README.md Normal file
View file

@ -0,0 +1,13 @@
# PacketFilter
Custom configuration of PacketFilter.
## Tasks
Everything is in the `tasks/main.yml` file.
## Available variables
* `pf_trusted_ips` : list of IP trusted for important access (default: all).
The full list of variables (with default values) can be found in `defaults/main.yml`.

View file

@ -0,0 +1,9 @@
---
pf_default_trusted_ips: []
pf_additional_trusted_ips: []
# and default to ['0.0.0.0/0'] if the result is still empty
pf_trusted_ips:
"{{ pf_default_trusted_ips | union(pf_additional_trusted_ips)
| unique | join(', ')
| default(['0.0.0.0/0'], true) }}"

View file

@ -12,7 +12,7 @@ ext_if="{{ ansible_default_ipv4.device }}"
###########################
# Evolix
table <evolix> { 88.179.18.233, 31.170.9.129, 31.170.8.4 }
table <evolix> { {{ pf_trusted_ips }} }
# Port en entrée
# 2222 = ssh secondaire