Ansible roles by Evolix
Jérémy Lecour afa0fd35c8 Change default public SSH/SFTP port from 2222 to 22222 1 month ago
defaults Change default public SSH/SFTP port from 2222 to 22222 1 month ago
files Change default public SSH/SFTP port from 2222 to 22222 1 month ago
handlers Add minifirewal_status and check_minifirewall 2 years ago
meta change repositories URL 1 year ago
tasks minifirewall: /bin/true command doesn't report "changed" anymore 5 months ago
templates minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s)) 8 months ago
tests Minifirewall: install Git for tests 3 years ago
.kitchen.yml Kitchen: Change base image to evolix/ansible 3 years ago
README.md minifirewall: improve variables values and documentation 2 years ago

README.md

minifirewall

Installation of minifirewall, a simple and versatile local firewall.

The firewall is not started by default, but an init script is installed.

Tasks

Everything is in the tasks/main.yml file.

Available variables

  • minifirewall_int: which network interface to protect (default: detected default ipv4 interface)
  • minifirewall_ipv6_enabled: (default: on)
  • minifirewall_int_lan: (default: IP/32)
  • minifirewall_trusted_ips: which IP/hosts should be trusted for full access (default: none)
  • minifirewall_privilegied_ips: which IP/hosts should be trusted for restricted access (default: none)
  • minifirewall_tail_included: source a “tail” file at the end of the main config file (default: False)
  • minifirewall_tail_force: overwrite the “tail” file (default: True)
  • minifirewall_restart_if_needed: should the restart handler be executed (default: True)
  • minifirewall_restart_force: force restart minifirewall at the end of the role execution (default: False)
  • minifirewall_autostart: enable minifirewall start at boot time (default: False)

The full list of variables (with default values) can be found in defaults/main.yml.

Some IP/hosts must be configured, or the server will be inaccessible via the network.
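
A playbook that applies this role with the lockout caveat above turned into a pre-flight check, as an added example that is not part of the role's own code. It assumes the role is reachable under the name minifirewall and that both IP variables accept a list of addresses or CIDR ranges (confirm against defaults/main.yml); the addresses are constructed values from documentation ranges.

```yaml
---
# Added example, not shipped with the role.
# Addresses below are constructed (RFC 5737 documentation ranges).
- hosts: all
  become: true

  vars:
    # Assumption: list of IPs/CIDRs granted full access (e.g. admin bastion).
    minifirewall_trusted_ips:
      - 192.0.2.10/32
    # Assumption: list of IPs/CIDRs granted restricted access.
    minifirewall_privilegied_ips:
      - 198.51.100.0/24
    # Source the host/group specific "tail" file after the main config.
    minifirewall_tail_included: true
    # Keep the role defaults explicit: no start at boot and no forced restart
    # until the rules have been checked on a first host.
    minifirewall_autostart: false
    minifirewall_restart_force: false

  pre_tasks:
    # Stop before the role runs if no trusted source is defined, since the
    # restart handler is enabled by default (minifirewall_restart_if_needed).
    - name: Refuse to deploy minifirewall without a trusted address
      ansible.builtin.assert:
        that:
          - minifirewall_trusted_ips is defined
          - minifirewall_trusted_ips | length > 0
        fail_msg: >-
          minifirewall_trusted_ips is empty: the host could become
          unreachable over the network once the firewall is (re)started.
        success_msg: "Trusted sources: {{ minifirewall_trusted_ips | join(', ') }}"

  roles:
    - minifirewall
```

Running it first with --check --diff against a single host shows the configuration changes before any firewall restart takes place.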

minifirewall-tail

Compiles a minifirewall.tail file based on templates and sources it at the end of the minifirewall configuration.

Templates are looked up in this order:

  1. {{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ inventory_hostname}}.tail.j2
  2. {{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ host_group}}.tail.j2 (NB: host_group is not a core variable; it must be defined in group_vars files.)
  3. {{ playbook_dir}}/templates/minifirewall-tail/minifirewall.default.tail.j2

If nothing is found, the role falls back to the template embedded in the role: templates/minifirewall.default.tail.j2