---

# possible values: Null (default), modern or legacy
minifirewall_install_mode: Null

# BEGIN legacy variables
minifirewall_legacy_main_file: /etc/default/minifirewall
minifirewall_legacy_tail_file: /etc/default/minifirewall.tail
# END legacy variabes

minifirewall_tail_file: /etc/minifirewall.d/zzz-tail
minifirewall_tail_included: False
minifirewall_tail_force: True

# Overwrite files completely
minifirewall_force_upgrade_script: False
minifirewall_force_upgrade_config: False

# Update specific values in configuration
minifirewall_update_config: True

minifirewall_int: "{{ ansible_default_ipv4.interface }}"
minifirewall_ipv6: "on"
minifirewall_intlan: "{{ ansible_default_ipv4.address }}/32"
minifirewall_docker: "off"

minifirewall_default_trusted_ips: []
minifirewall_legacy_fallback_trusted_ips: ['0.0.0.0/0']
minifirewall_fallback_trusted_ips: ['0.0.0.0/0', '::/0']
minifirewall_additional_trusted_ips: []
# and default to ['0.0.0.0/0', '::/0'] if the result is still empty
minifirewall_trusted_ips: "{{ minifirewall_default_trusted_ips | union(minifirewall_additional_trusted_ips) | unique }}"
minifirewall_privilegied_ips: []

minifirewall_protected_ports_tcp: [22]
minifirewall_protected_ports_udp: []
minifirewall_public_ports_tcp: [25, 53, 443, 993, 995, 22222]
minifirewall_public_ports_udp: [53]
minifirewall_semipublic_ports_tcp: [20, 21, 22, 80, 110, 143]
minifirewall_semipublic_ports_udp: []
minifirewall_private_ports_tcp: [5666]
minifirewall_private_ports_udp: []

# Keep a null value to leave the setting as is
# otherwise use an Array, eg. "minifirewall_ssh_ok: ['0.0.0.0/0', '::/0']"
minifirewall_dns_servers: Null
minifirewall_http_sites: Null
minifirewall_https_sites: Null
minifirewall_ftp_sites: Null
minifirewall_ssh_ok: Null
minifirewall_smtp_ok: Null
minifirewall_smtp_secure_ok: Null
minifirewall_ntp_ok: Null

minifirewall_proxy: "off"
minifirewall_proxyport: 8888
minifirewall_proxybypass:
  - "${INTLAN}"
  - "127.0.0.0/8"
  - "::1/128"
minifirewall_backupservers: Null

minifirewall_sysctl_icmp_echo_ignore_broadcasts : Null
minifirewall_sysctl_icmp_ignore_bogus_error_responses : Null
minifirewall_sysctl_accept_source_route : Null
minifirewall_sysctl_tcp_syncookies : Null
minifirewall_sysctl_icmp_redirects : Null
minifirewall_sysctl_rp_filter : Null
minifirewall_sysctl_log_martians : Null

minifirewall_autostart: False
minifirewall_restart_if_needed: True
minifirewall_restart_force: False

minifirewall_force_update_nrpe_scripts: False

evomaintenance_hosts: []

nagios_plugins_directory: "/usr/local/lib/nagios/plugins"