ansible-roles/minifirewall
Mathieu Trossevin 7c632352a0
Replace the include module with include_tasks or import_tasks
The behaviour of the `include` module is badly defined (it tries to choose
between statically importing the tasks and dynamically including them)
and can cause problems depending on any number of constraints (mostly if
it chooses the wrong behaviour).

Replace it with the `import_tasks` (always statically import tasks) unless
the `include` is in a loop in which case we replace it with
`include_tasks` (always dynamically include tasks).
2023-01-03 14:43:42 +01:00
defaults minifirewall: compatibility with "legacy" version of minifirewall 2022-04-28 12:40:02 +02:00
files minifirewall: whitelist deb.freexian.com 2022-10-03 18:54:29 +02:00
handlers minifirewall: use handlers to restart minifirewall 2022-09-09 16:09:48 +02:00
meta Update Galaxy metadata (company, platforms and galaxy_tags) 2021-06-28 15:26:28 +02:00
tasks Replace the include module with include_tasks or import_tasks 2023-01-03 14:43:42 +01:00
templates minifirewall: compatibility with "legacy" version of minifirewall 2022-04-28 12:40:02 +02:00
tests Minifirewall: install Git for tests 2017-07-13 16:36:27 +02:00
.kitchen.yml Kitchen: Change base image to evolix/ansible 2017-06-02 08:38:08 -04:00
README.md minifirewall: improve variables values and documentation 2018-08-30 17:06:21 +02:00

minifirewall

Installation of minifirewall, a simple and versatile local firewall.

The firewall is not started by default, but an init script is installed.

Tasks

Everything is in the tasks/main.yml file.

Available variables

  • minifirewall_int: which network interface to protect (default: detected default ipv4 interface)
  • minifirewall_ipv6_enabled: (default: on)
  • minifirewall_int_lan: (default: IP/32)
  • minifirewall_trusted_ips: which IP/hosts should be trusted for full access (default: none)
  • minifirewall_privilegied_ips: which IP/hosts should be trusted for restricted access (default: none)
  • minifirewall_tail_included: source a "tail" file at the end of the main config file (default: False)
  • minifirewall_tail_force: overwrite the "tail" file (default: True)
  • minifirewall_restart_if_needed: should the restart handler be executed (default: True)
  • minifirewall_restart_force: force restart minifirewall at the end of the role execution (default: False)
  • minifirewall_autostart: enable minifirewall start at boot time (default: False)

The full list of variables (with default values) can be found in defaults/main.yml.

Some IP/hosts must be configured or the server will be inaccessible via network.
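
A minimal playbook applying the role with trusted addresses set before the firewall is enabled at boot. This is an added example, not taken from the role's repository: the host group, interface name and addresses are constructed (RFC 5737 documentation ranges), the role is assumed to be reachable as `minifirewall` in the roles path, and passing the IP variables as YAML lists is an assumption to confirm in defaults/main.yml.

```yaml
# Added example playbook; not part of the role's repository.
- hosts: webservers                  # constructed group name
  become: true
  vars:
    # Constructed value; omit to keep the detected default IPv4 interface.
    minifirewall_int: "eth0"

    # Assumption: the IP variables take YAML lists (check defaults/main.yml).
    # Full access: list the admin or bastion addresses here first, so the
    # host stays reachable once the firewall is running.
    minifirewall_trusted_ips:
      - "192.0.2.10/32"              # constructed bastion address
    # Restricted access, e.g. a monitoring network.
    minifirewall_privilegied_ips:
      - "198.51.100.0/24"            # constructed monitoring range

    # The firewall is not started by default; enable it at boot only
    # once the lists above are correct.
    minifirewall_autostart: true
    minifirewall_restart_if_needed: true
  roles:
    - minifirewall                   # assumed role name/path
```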

minifirewall-tail

Compiles a minifirewall.tail file based on templates and sources it at the end of the minifirewall configuration.

Templates are looked up in this order:

  1. {{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ inventory_hostname}}.tail.j2
  2. {{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ host_group}}.tail.j2 (NB: host_group is not a core variable, it must be defined in group_vars files.)
  3. {{ playbook_dir}}/templates/minifirewall-tail/minifirewall.default.tail.j2

If nothing is found, the role falls back to the template embedded in the role: templates/minifirewall.default.tail.j2