|
|
|
@ -127,7 +127,7 @@
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "DNSSERVEURS='{{ minifirewall_dns_servers | join(' ') }}'"
|
|
|
|
|
regexp: "DNSSERVEURS='.*'"
|
|
|
|
|
regexp: "DNSSERVEURS=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_dns_servers is not none
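Review bot: The widened pattern `DNSSERVEURS=('|\").*('|\")` is not anchored, and lineinfile searches it anywhere in each line and rewrites the last match, so a commented-out example or a longer variable name ending in `DNSSERVEURS=` can be rewritten instead of the live assignment. For a file that defines firewall rules I would anchor it: `regexp: "^DNSSERVEURS=('|\").*('|\")"`. The same applies to the HTTPSITES, HTTPSSITES, FTPSITES, SSHOK, SMTPOK, SMTPSECUREOK and NTPOK hunks and to the tasks added at the end of the page. The `- name:` line of this task is outside the hunk, and since the +/- markers are lost here, which of the two regexp lines is the new one is inferred from the added tasks using the same form.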
|
|
|
|
|
|
|
|
|
@ -135,7 +135,7 @@
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "HTTPSITES='{{ minifirewall_http_sites | join(' ') }}'"
|
|
|
|
|
regexp: "HTTPSITES='.*'"
|
|
|
|
|
regexp: "HTTPSITES=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_http_sites is not none
|
|
|
|
|
|
|
|
|
@ -143,7 +143,7 @@
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "HTTPSSITES='{{ minifirewall_https_sites | join(' ') }}'"
|
|
|
|
|
regexp: "HTTPSSITES='.*'"
|
|
|
|
|
regexp: "HTTPSSITES=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_https_sites is not none
|
|
|
|
|
|
|
|
|
@ -151,7 +151,7 @@
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "FTPSITES='{{ minifirewall_ftp_sites | join(' ') }}'"
|
|
|
|
|
regexp: "FTPSITES='.*'"
|
|
|
|
|
regexp: "FTPSITES=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_ftp_sites is not none
|
|
|
|
|
|
|
|
|
@ -159,7 +159,7 @@
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "SSHOK='{{ minifirewall_ssh_ok | join(' ') }}'"
|
|
|
|
|
regexp: "SSHOK='.*'"
|
|
|
|
|
regexp: "SSHOK=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_ssh_ok is not none
|
|
|
|
|
|
|
|
|
@ -167,7 +167,7 @@
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "SMTPOK='{{ minifirewall_smtp_ok | join(' ') }}'"
|
|
|
|
|
regexp: "SMTPOK='.*'"
|
|
|
|
|
regexp: "SMTPOK=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_smtp_ok is not none
|
|
|
|
|
|
|
|
|
@ -175,7 +175,7 @@
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "SMTPSECUREOK='{{ minifirewall_smtp_secure_ok | join(' ') }}'"
|
|
|
|
|
regexp: "SMTPSECUREOK='.*'"
|
|
|
|
|
regexp: "SMTPSECUREOK=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_smtp_secure_ok is not none
|
|
|
|
|
|
|
|
|
@ -183,10 +183,100 @@
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "NTPOK='{{ minifirewall_ntp_ok | join(' ') }}'"
|
|
|
|
|
regexp: "NTPOK='.*'"
|
|
|
|
|
regexp: "NTPOK=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_ntp_ok is not none
|
|
|
|
|
|
|
|
|
|
- name: Configure PROXY
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "PROXY='{{ minifirewall_proxy }}'"
|
|
|
|
|
regexp: "PROXY=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_proxy is not none
|
|
|
|
|
|
|
|
|
|
- name: Configure PROXYPORT
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "PROXYPORT='{{ minifirewall_proxyport }}'"
|
|
|
|
|
regexp: "PROXYPORT=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_proxyport is not none
|
|
|
|
|
|
|
|
|
|
# Warning: keep double quotes for the value,
|
|
|
|
|
# since we often reference a shell variable that needs to be interpolated
|
|
|
|
|
- name: Configure PROXYBYPASS
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\""
|
|
|
|
|
regexp: "PROXYBYPASS=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_proxybypass is not none
|
|
|
|
|
|
|
|
|
|
- name: Configure BACKUPSERVERS
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'"
|
|
|
|
|
regexp: "BACKUPSERVERS=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_backupservers is not none
|
|
|
|
|
|
|
|
|
|
- name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS='{{ minifirewall_sysctl_icmp_echo_ignore_broadcasts }}'"
|
|
|
|
|
regexp: "SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_sysctl_icmp_echo_ignore_broadcasts is not none
|
|
|
|
|
|
|
|
|
|
- name: Configure SYSCTL_ICMP_IGNORE_BOGUS_ERROR_RESPONSES
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "SYSCTL_ICMP_IGNORE_BOGUS_ERROR_RESPONSES='{{ minifirewall_sysctl_icmp_ignore_bogus_error_responses }}'"
|
|
|
|
|
regexp: "SYSCTL_ICMP_IGNORE_BOGUS_ERROR_RESPONSES=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_sysctl_icmp_ignore_bogus_error_responses is not none
|
|
|
|
|
|
|
|
|
|
- name: Configure SYSCTL_ACCEPT_SOURCE_ROUTE
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "SYSCTL_ACCEPT_SOURCE_ROUTE='{{ minifirewall_sysctl_accept_source_route }}'"
|
|
|
|
|
regexp: "SYSCTL_ACCEPT_SOURCE_ROUTE=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_sysctl_accept_source_route is not none
|
|
|
|
|
|
|
|
|
|
- name: Configure SYSCTL_TCP_SYNCOOKIES
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "SYSCTL_TCP_SYNCOOKIES='{{ minifirewall_sysctl_tcp_syncookies }}'"
|
|
|
|
|
regexp: "SYSCTL_TCP_SYNCOOKIES=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_sysctl_tcp_syncookies is not none
|
|
|
|
|
|
|
|
|
|
- name: Configure SYSCTL_ICMP_REDIRECTS
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "SYSCTL_ICMP_REDIRECTS='{{ minifirewall_sysctl_icmp_redirects }}'"
|
|
|
|
|
regexp: "SYSCTL_ICMP_REDIRECTS=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_sysctl_icmp_redirects is not none
|
|
|
|
|
|
|
|
|
|
- name: Configure SYSCTL_RP_FILTER
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "SYSCTL_RP_FILTER='{{ minifirewall_sysctl_rp_filter }}'"
|
|
|
|
|
regexp: "SYSCTL_RP_FILTER=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_sysctl_rp_filter is not none
|
|
|
|
|
|
|
|
|
|
- name: Configure SYSCTL_LOG_MARTIANS
|
|
|
|
|
lineinfile:
|
|
|
|
|
dest: "/etc/default/minifirewall"
|
|
|
|
|
line: "SYSCTL_LOG_MARTIANS='{{ minifirewall_sysctl_log_martians }}'"
|
|
|
|
|
regexp: "SYSCTL_LOG_MARTIANS=('|\").*('|\")"
|
|
|
|
|
create: no
|
|
|
|
|
when: minifirewall_sysctl_log_martians is not none
|
|
|
|
|
|
|
|
|
|
- name: Stat minifirewall config file (after)
|
|
|
|
|
stat:
|
|
|
|
|
path: "/etc/default/minifirewall"
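Review bot: The added tasks interpolate inventory values raw between shell quotes (for example `line: "PROXY='{{ minifirewall_proxy }}'"`), and nothing in the hunk checks that a value cannot close the quote. The comment above PROXYBYPASS says the file is interpreted by a shell, so a `'` in a value (or `"`, a backtick or `$(` in the double-quoted PROXYBYPASS) would become shell syntax in /etc/default/minifirewall, presumably evaluated as root when the firewall script loads it. I would add an assert before these tasks that rejects such characters, as sketched below, and restrict the SYSCTL_* variables to the values the script expects so a typo cannot silently change rp_filter or syncookies handling. The hunk ends inside the `Stat minifirewall config file (after)` task, which continues outside it.

```yaml
- name: Check minifirewall values are safe to write into a shell-read file
  assert:
    that:
      - minifirewall_proxy is none or "'" not in (minifirewall_proxy | string)
      # assumes the port is a plain number; confirm against the script
      - minifirewall_proxyport is none or (minifirewall_proxyport | string) is match('^[0-9]+$')
      - minifirewall_backupservers is none or "'" not in (minifirewall_backupservers | join(' '))
    msg: "minifirewall_* values must not contain quote characters"

# … unchanged: Configure PROXY, Configure PROXYPORT and the following tasks …
```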
|
|
|
|
|