62 Commits

Author SHA1 Message Date
Ludovic Poujol 7a865b0ace minifirewall: Properly detect alert5.sh to turn on firewall at boot
2020-02-17 16:36:48 +01:00
Ludovic Poujol 704b76e6de minifirewall: Properly detect alert5.sh to turn on firewall at boot
2020-02-17 16:02:48 +01:00
Ludovic Poujol 02e8754d75 minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
2020-02-17 10:56:38 +01:00
Jérémy Lecour f57af13349 minifirewall: better alert5 activation
2020-02-10 10:36:00 +01:00
Jérémy Lecour bf7de332ea minifirewall: fix warnings ansible-lint 2020-01-08 17:19:13 +01:00
Jérémy Lecour 27e217467e Change "|changed" with "is changed" 2019-12-31 16:18:56 +01:00
Jérémy Lecour e04d881988 replace "with_items" in apt modules 2019-12-31 16:18:56 +01:00
Victor LABORIE 6f5e13f8b8 Add evolix prefix to include_role 2019-11-29 14:00:25 +01:00
Jérémy Lecour 7e50a460a8 minifirewall: add a variable to force the check scripts update
2019-11-05 10:52:14 +01:00
Jérémy Lecour 5476538eb1 minifirewall: no http filtering by default
2019-10-30 14:37:22 +01:00
Benoît S. 755eaab60a minifirewall: use systemctl is-enabled
Fixes #66
2019-07-04 17:41:59 +02:00
Jérémy Lecour bd8644ae60 whitespaces 2019-05-14 14:03:03 +02:00
Jérémy Lecour aa28e9c1b8 change repositories URL 2019-03-21 15:31:58 +01:00
Jérémy Lecour a94c94018c normalize some arguments positions 2019-01-01 20:02:50 +01:00
Jérémy Lecour 2bcc1133c0 minifirewall: all variables are configurable
By default, a Null value keeps the variable current value as-is.
Set an Array (can be empty) to replace the value.
2018-12-04 14:49:50 +01:00
Jérémy Lecour 50e16e0dee minifirewall: compare config before/after (for restart condition) 2018-12-04 14:46:32 +01:00
Jérémy Lecour c3e4a78442 minifirewall: main file is configurable 2018-12-04 14:45:48 +01:00
Patrick Marchand 9198c1e2c0 ansible-lint does not like trailing whitespace 2018-11-13 16:56:31 -05:00
Jérémy Lecour c25c3c6a31 minifirewall: improve variables values and documentation 2018-08-30 17:06:21 +02:00
Jérémy Lecour 9787328a0b minifirewall: add a variable to force a restart of the firewall 2018-08-30 17:05:30 +02:00
Jérémy Lecour 96cd04ae40 minifirewall: add a variable to disable the restart handler 2018-08-30 17:04:14 +02:00
Jérémy Lecour d67abef13d minifirewall: the tail file can be overwritten, or not 2018-06-04 16:31:36 +02:00
Jérémy Lecour 831b733dfe minifirewall: nrpe/sudo config only if possible 2018-04-06 10:35:43 +02:00
Jérémy Lecour e984e46b83 minifirewall: nagios plugins directory is configurable 2018-04-06 09:52:18 +02:00
Jérémy Lecour 03c53433d6 Add minifirewall_status and check_minifirewall
minifirewall_status returns "started" on stdout and exit code 0,
or "stopped" on stdout and exit code 1. The state of minifirewall
is determined by looking for common iptables rules applied by
minifirewall.

check_minifirewall is an NRPE plugin for minifirewall. It returns:
* 0 (OK) if the firewall state is consistent with its configuration
(from the alert5 script)
* 1 (WARNING) if the firewall is started but alert5 is not configured
properly
* 2 (CRITICAL) if the firewall is not running but it should be.
2018-04-06 09:52:18 +02:00
Romain Dessort 0f12501760 Add security-cdn.debian.org to HTTPSITES whitelist
Debian migrated its security.debian.org repository to Fastly CDN
(security-cdn.debian.org) so we have to whitelist it too to make
security upgrades possible.
2018-01-29 11:15:11 -05:00
Jérémy Lecour aeba94bcba default/additional variables
List of hosts/ip are a combination of 2 lists allowing overrides
2017-12-20 18:04:54 +01:00
Ludovic Poujol b90260ae28 minifirewall: Make outgoing SSH in IPv6 work 2017-12-15 14:49:21 +01:00
Jérémy Lecour 0dfc66683a remove zidane.evolix.net from minifirewall 2017-11-27 10:19:04 +01:00
Jérémy Lecour bcd3553cbb minifirewall: add debug for variables 2017-11-26 12:32:33 +01:00
Jérémy Lecour 8ef9554746 Combine evolix and additional trusted IP addresses 2017-11-15 23:57:58 +01:00
Jérémy Lecour 97b0225232 Minifirewall can deal with evomaintenance
Each role has to know how to deal with the other.
Otherwise, depending on order of execution, the firewall might not
allow connections for evomaintenance
2017-10-08 00:00:24 +02:00
Jérémy Lecour 98c5619721 minifirewall: install dependencies in install.yml 2017-10-08 00:00:24 +02:00
Jérémy Lecour 3d7a544820 minifirewall: restore default ports
Copied from
https://forge.evolix.org/projects/minifirewall/repository/revisions/master/entry/minifirewall.conf
2017-10-07 10:59:22 +02:00
Gregory Colpart b4130797cb ensure iptables is installed 2017-09-29 01:43:31 +02:00
Jérémy Lecour 685282bf93 minifirewall: fallback when no trusted ip is provided 2017-09-14 14:26:44 +02:00
Gregory Colpart 409ac0d503 adjust minifirewall default config (mostly let port 22 in public port to avoid failure during Ansible connection) 2017-08-31 04:05:33 +02:00
Jérémy Lecour c97110f865 minifirewall: embed files instead of git clone 2017-07-27 22:55:07 -04:00
Jérémy Lecour fc2bd395b9 Minifirewall: install Git for tests 2017-07-13 16:36:27 +02:00
Jérémy Lecour b2278a151c minifirewall: merge the "tail" pattern back into the main role 2017-07-13 15:06:49 +02:00
Gabriel Periard-Tremblay 87ebadcadd Kitchen: Change base image to evolix/ansible 2017-06-02 08:38:08 -04:00
Jérémy Lecour 64fef56166 Minifirewall: add some context for tests 2017-05-21 11:00:13 +02:00
Jérémy Lecour 9fae99f8dc Minor syntax and whitespaces fixes 2017-05-19 22:29:53 +02:00
Jérémy Lecour 033ebaa593 Add tests for many roles 2017-05-18 15:44:21 +02:00
Victor LABORIE 584fdafa7e minifirewall: fix config file right 2017-05-02 17:50:40 +02:00
Tristan PILAT 04a718c159 Add autostart option 2017-05-02 10:56:12 +02:00
Jérémy Lecour 86372199ec minifirewall: simplify debug 2017-04-11 16:13:53 +02:00
Jérémy Lecour cda0932aad whitespaces 2017-03-30 16:05:46 +02:00
Jérémy Lecour 5b2ab0d8d3 Ansible >= 2.2 supported 2017-03-24 14:15:09 +01:00
Jérémy Lecour 5efb9b04e1 Minifirewall: ensure that at least 1 trusted IP is provided 2017-03-22 18:12:30 +01:00