minifirewall: configure proxy/backup/sysctl values
Some checks reported errors
continuous-integration/drone/push Build was killed
parent
20abe0e09a
commit
31c2629d31
|
@ -12,6 +12,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
* minifirewall: configure proxy/backup/sysctl values
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
* evocheck: upstream release 22.03.1
|
* evocheck: upstream release 22.03.1
|
||||||
|
|
|
@ -47,6 +47,22 @@ minifirewall_smtp_ok: Null
|
||||||
minifirewall_smtp_secure_ok: Null
|
minifirewall_smtp_secure_ok: Null
|
||||||
minifirewall_ntp_ok: Null
|
minifirewall_ntp_ok: Null
|
||||||
|
|
||||||
|
minifirewall_proxy: "off"
|
||||||
|
minifirewall_proxyport: 8888
|
||||||
|
minifirewall_proxybypass:
|
||||||
|
- "${INTLAN}"
|
||||||
|
- "127.0.0.0/8"
|
||||||
|
- "::1/128"
|
||||||
|
minifirewall_backupservers: Null
|
||||||
|
|
||||||
|
minifirewall_sysctl_icmp_echo_ignore_broadcasts : Null
|
||||||
|
minifirewall_sysctl_icmp_ignore_bogus_error_responses : Null
|
||||||
|
minifirewall_sysctl_accept_source_route : Null
|
||||||
|
minifirewall_sysctl_tcp_syncookies : Null
|
||||||
|
minifirewall_sysctl_icmp_redirects : Null
|
||||||
|
minifirewall_sysctl_rp_filter : Null
|
||||||
|
minifirewall_sysctl_log_martians : Null
|
||||||
|
|
||||||
minifirewall_autostart: False
|
minifirewall_autostart: False
|
||||||
minifirewall_restart_if_needed: True
|
minifirewall_restart_if_needed: True
|
||||||
minifirewall_restart_force: False
|
minifirewall_restart_force: False
|
||||||
|
|
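Review bot: `minifirewall_proxy`, `minifirewall_proxyport` and `minifirewall_proxybypass` are the only new defaults that are not `Null`, so the `is not none` guards on the PROXY, PROXYPORT and PROXYBYPASS tasks added in this commit always hold and every run rewrites those three settings. On a host where they were set by hand (for example PROXY switched on), applying the role would silently reset them to these defaults, which changes what the firewall redirects. Defaulting them to `Null`, as `minifirewall_backupservers` does, would keep the role's opt-in convention; if the non-null defaults are intentional, a comment above them saying so would help. The sysctl keys also carry a space before the colon (`minifirewall_sysctl_rp_filter : Null`), which yamllint's `colons` rule flags; `minifirewall_sysctl_rp_filter: Null` matches the rest of the file.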
|
@ -127,7 +127,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/etc/default/minifirewall"
|
dest: "/etc/default/minifirewall"
|
||||||
line: "DNSSERVEURS='{{ minifirewall_dns_servers | join(' ') }}'"
|
line: "DNSSERVEURS='{{ minifirewall_dns_servers | join(' ') }}'"
|
||||||
regexp: "DNSSERVEURS='.*'"
|
regexp: "DNSSERVEURS=('|\").*('|\")"
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_dns_servers is not none
|
when: minifirewall_dns_servers is not none
|
||||||
|
|
||||||
|
@ -135,7 +135,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/etc/default/minifirewall"
|
dest: "/etc/default/minifirewall"
|
||||||
line: "HTTPSITES='{{ minifirewall_http_sites | join(' ') }}'"
|
line: "HTTPSITES='{{ minifirewall_http_sites | join(' ') }}'"
|
||||||
regexp: "HTTPSITES='.*'"
|
regexp: "HTTPSITES=('|\").*('|\")"
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_http_sites is not none
|
when: minifirewall_http_sites is not none
|
||||||
|
|
||||||
|
@ -143,7 +143,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/etc/default/minifirewall"
|
dest: "/etc/default/minifirewall"
|
||||||
line: "HTTPSSITES='{{ minifirewall_https_sites | join(' ') }}'"
|
line: "HTTPSSITES='{{ minifirewall_https_sites | join(' ') }}'"
|
||||||
regexp: "HTTPSSITES='.*'"
|
regexp: "HTTPSSITES=('|\").*('|\")"
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_https_sites is not none
|
when: minifirewall_https_sites is not none
|
||||||
|
|
||||||
|
@ -151,7 +151,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/etc/default/minifirewall"
|
dest: "/etc/default/minifirewall"
|
||||||
line: "FTPSITES='{{ minifirewall_ftp_sites | join(' ') }}'"
|
line: "FTPSITES='{{ minifirewall_ftp_sites | join(' ') }}'"
|
||||||
regexp: "FTPSITES='.*'"
|
regexp: "FTPSITES=('|\").*('|\")"
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_ftp_sites is not none
|
when: minifirewall_ftp_sites is not none
|
||||||
|
|
||||||
|
@ -159,7 +159,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/etc/default/minifirewall"
|
dest: "/etc/default/minifirewall"
|
||||||
line: "SSHOK='{{ minifirewall_ssh_ok | join(' ') }}'"
|
line: "SSHOK='{{ minifirewall_ssh_ok | join(' ') }}'"
|
||||||
regexp: "SSHOK='.*'"
|
regexp: "SSHOK=('|\").*('|\")"
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_ssh_ok is not none
|
when: minifirewall_ssh_ok is not none
|
||||||
|
|
||||||
|
@ -167,7 +167,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/etc/default/minifirewall"
|
dest: "/etc/default/minifirewall"
|
||||||
line: "SMTPOK='{{ minifirewall_smtp_ok | join(' ') }}'"
|
line: "SMTPOK='{{ minifirewall_smtp_ok | join(' ') }}'"
|
||||||
regexp: "SMTPOK='.*'"
|
regexp: "SMTPOK=('|\").*('|\")"
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_smtp_ok is not none
|
when: minifirewall_smtp_ok is not none
|
||||||
|
|
||||||
|
@ -175,7 +175,7 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/etc/default/minifirewall"
|
dest: "/etc/default/minifirewall"
|
||||||
line: "SMTPSECUREOK='{{ minifirewall_smtp_secure_ok | join(' ') }}'"
|
line: "SMTPSECUREOK='{{ minifirewall_smtp_secure_ok | join(' ') }}'"
|
||||||
regexp: "SMTPSECUREOK='.*'"
|
regexp: "SMTPSECUREOK=('|\").*('|\")"
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_smtp_secure_ok is not none
|
when: minifirewall_smtp_secure_ok is not none
|
||||||
|
|
||||||
|
@ -183,10 +183,100 @@
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "/etc/default/minifirewall"
|
dest: "/etc/default/minifirewall"
|
||||||
line: "NTPOK='{{ minifirewall_ntp_ok | join(' ') }}'"
|
line: "NTPOK='{{ minifirewall_ntp_ok | join(' ') }}'"
|
||||||
regexp: "NTPOK='.*'"
|
regexp: "NTPOK=('|\").*('|\")"
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_ntp_ok is not none
|
when: minifirewall_ntp_ok is not none
|
||||||
|
|
||||||
|
- name: Configure PROXY
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/default/minifirewall"
|
||||||
|
line: "PROXY='{{ minifirewall_proxy }}'"
|
||||||
|
regexp: "PROXY=('|\").*('|\")"
|
||||||
|
create: no
|
||||||
|
when: minifirewall_proxy is not none
|
||||||
|
|
||||||
|
- name: Configure PROXYPORT
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/default/minifirewall"
|
||||||
|
line: "PROXYPORT='{{ minifirewall_proxyport }}'"
|
||||||
|
regexp: "PROXYPORT=('|\").*('|\")"
|
||||||
|
create: no
|
||||||
|
when: minifirewall_proxyport is not none
|
||||||
|
|
||||||
|
# Warning: keep double quotes for the value,
|
||||||
|
# since we often reference a shell variable that needs to be interpolated
|
||||||
|
- name: Configure PROXYBYPASS
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/default/minifirewall"
|
||||||
|
line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\""
|
||||||
|
regexp: "PROXYBYPASS=('|\").*('|\")"
|
||||||
|
create: no
|
||||||
|
when: minifirewall_proxybypass is not none
|
||||||
|
|
||||||
|
- name: Configure BACKUPSERVERS
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/default/minifirewall"
|
||||||
|
line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'"
|
||||||
|
regexp: "BACKUPSERVERS=('|\").*('|\")"
|
||||||
|
create: no
|
||||||
|
when: minifirewall_backupservers is not none
|
||||||
|
|
||||||
|
- name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/default/minifirewall"
|
||||||
|
line: "SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS='{{ minifirewall_sysctl_icmp_echo_ignore_broadcasts }}'"
|
||||||
|
regexp: "SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS=('|\").*('|\")"
|
||||||
|
create: no
|
||||||
|
when: minifirewall_sysctl_icmp_echo_ignore_broadcasts is not none
|
||||||
|
|
||||||
|
- name: Configure SYSCTL_ICMP_IGNORE_BOGUS_ERROR_RESPONSES
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/default/minifirewall"
|
||||||
|
line: "SYSCTL_ICMP_IGNORE_BOGUS_ERROR_RESPONSES='{{ minifirewall_sysctl_icmp_ignore_bogus_error_responses }}'"
|
||||||
|
regexp: "SYSCTL_ICMP_IGNORE_BOGUS_ERROR_RESPONSES=('|\").*('|\")"
|
||||||
|
create: no
|
||||||
|
when: minifirewall_sysctl_icmp_ignore_bogus_error_responses is not none
|
||||||
|
|
||||||
|
- name: Configure SYSCTL_ACCEPT_SOURCE_ROUTE
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/default/minifirewall"
|
||||||
|
line: "SYSCTL_ACCEPT_SOURCE_ROUTE='{{ minifirewall_sysctl_accept_source_route }}'"
|
||||||
|
regexp: "SYSCTL_ACCEPT_SOURCE_ROUTE=('|\").*('|\")"
|
||||||
|
create: no
|
||||||
|
when: minifirewall_sysctl_accept_source_route is not none
|
||||||
|
|
||||||
|
- name: Configure SYSCTL_TCP_SYNCOOKIES
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/default/minifirewall"
|
||||||
|
line: "SYSCTL_TCP_SYNCOOKIES='{{ minifirewall_sysctl_tcp_syncookies }}'"
|
||||||
|
regexp: "SYSCTL_TCP_SYNCOOKIES=('|\").*('|\")"
|
||||||
|
create: no
|
||||||
|
when: minifirewall_sysctl_tcp_syncookies is not none
|
||||||
|
|
||||||
|
- name: Configure SYSCTL_ICMP_REDIRECTS
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/default/minifirewall"
|
||||||
|
line: "SYSCTL_ICMP_REDIRECTS='{{ minifirewall_sysctl_icmp_redirects }}'"
|
||||||
|
regexp: "SYSCTL_ICMP_REDIRECTS=('|\").*('|\")"
|
||||||
|
create: no
|
||||||
|
when: minifirewall_sysctl_icmp_redirects is not none
|
||||||
|
|
||||||
|
- name: Configure SYSCTL_RP_FILTER
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/default/minifirewall"
|
||||||
|
line: "SYSCTL_RP_FILTER='{{ minifirewall_sysctl_rp_filter }}'"
|
||||||
|
regexp: "SYSCTL_RP_FILTER=('|\").*('|\")"
|
||||||
|
create: no
|
||||||
|
when: minifirewall_sysctl_rp_filter is not none
|
||||||
|
|
||||||
|
- name: Configure SYSCTL_LOG_MARTIANS
|
||||||
|
lineinfile:
|
||||||
|
dest: "/etc/default/minifirewall"
|
||||||
|
line: "SYSCTL_LOG_MARTIANS='{{ minifirewall_sysctl_log_martians }}'"
|
||||||
|
regexp: "SYSCTL_LOG_MARTIANS=('|\").*('|\")"
|
||||||
|
create: no
|
||||||
|
when: minifirewall_sysctl_log_martians is not none
|
||||||
|
|
||||||
- name: Stat minifirewall config file (after)
|
- name: Stat minifirewall config file (after)
|
||||||
stat:
|
stat:
|
||||||
path: "/etc/default/minifirewall"
|
path: "/etc/default/minifirewall"
|
||||||
|
|
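Review bot: In the last hunk, the `Configure PROXYBYPASS` task writes its value between double quotes into `/etc/default/minifirewall`, which the comment above it says is shell-interpolated, so a `$(...)` or backtick sequence in `minifirewall_proxybypass` would be evaluated whenever the file is read, presumably as root. The single-quoted tasks added alongside it have the sibling problem that a `'` inside a value ends the quoting early. If these variables can come from an inventory or group_vars source that is less trusted than the role, consider an `assert` task ahead of the lineinfile tasks that rejects quotes, backticks and `$(` in each entry, and add `validate: 'sh -n %s'` so a syntactically broken file is never put in place. The rewritten regexps are also unanchored, so `regexp: "PROXY=('|\").*('|\")"` can match a commented-out line as well; `regexp: "^PROXY=('|\").*('|\")"` would be tighter, and the same applies to the other tasks on this page.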