ansible-roles/minifirewall
William Hirigoyen 68d9d3c47c
minifirewall: do not open publicly ports except 22222
2024-01-24 11:45:28 +01:00
defaults minifirewall: do not open publicly ports except 22222 2024-01-24 11:45:28 +01:00
files fix(minifirewall): Properly detect old minifirewall versions 2023-12-14 16:59:55 +01:00
handlers Use FQCN 2023-03-20 23:33:19 +01:00
meta Update Galaxy metadata (company, platforms and galaxy_tags) 2021-06-28 15:26:28 +02:00
tasks Use FQCN 2023-03-20 23:33:19 +01:00
templates minifirewall: compatibility with "legacy" version of minifirewall 2022-04-28 12:40:02 +02:00
tests Use FQCN 2023-03-20 23:33:19 +01:00
.kitchen.yml Kitchen: Change base image to evolix/ansible 2017-06-02 08:38:08 -04:00
README.md minifirewall: improve variables values and documentation 2018-08-30 17:06:21 +02:00

README.md

minifirewall

Installation of minifirewall, a simple and versatile local firewall.

The firewall is not started by default, but an init script is installed.

Tasks

Everything is in the tasks/main.yml file.

Available variables

  • minifirewall_int: which network interface to protect (default: detected default ipv4 interface)
  • minifirewall_ipv6_enabled: (default: on)
  • minifirewall_int_lan: (default: IP/32)
  • minifirewall_trusted_ips: which IPs/hosts should be trusted for full access (default: none)
  • minifirewall_privilegied_ips: which IPs/hosts should be trusted for restricted access (default: none)
  • minifirewall_tail_included: source a "tail" file at the end of the main config file (default: False)
  • minifirewall_tail_force: overwrite the "tail" file (default: True)
  • minifirewall_restart_if_needed: should the restart handler be executed (default: True)
  • minifirewall_restart_force: force restart minifirewall at the end of the role execution (default: False)
  • minifirewall_autostart: enable minifirewall start at boot time (default: False)

The full list of variables (with default values) can be found in defaults/main.yml.

Some IP/hosts must be configured or the server will be inaccessible via network.

minifirewall-tail

Compiles a minifirewall.tail file based on templates and sources it at the end of the minifirewall configuration.

Templates are looked up in this order:

  1. {{ playbook_dir }}/templates/minifirewall-tail/minifirewall.{{ inventory_hostname }}.tail.j2
  2. {{ playbook_dir }}/templates/minifirewall-tail/minifirewall.{{ host_group }}.tail.j2 (NB: host_group is not a core variable, it must be defined in group_vars files.)
  3. {{ playbook_dir }}/templates/minifirewall-tail/minifirewall.default.tail.j2

If nothing is found, the role falls back to the template embedded in the role: templates/minifirewall.default.tail.j2
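
An added example, not taken from the role's own files, that sets the access variables before the firewall is ever restarted and defines host_group so that the group-level tail template is found. The group name, the addresses (documentation ranges), the list form of the IP variables and the role name used in the playbook are assumptions.

```yaml
# group_vars/webservers.yml (constructed example; the group name is hypothetical)
---
# host_group is not a core Ansible variable. Defining it here lets the lookup
# reach step 2 of the order above:
#   {{ playbook_dir }}/templates/minifirewall-tail/minifirewall.webservers.tail.j2
host_group: webservers

# Placeholder addresses from documentation ranges (RFC 5737).
# Assumption: both variables accept a list of IP/CIDR strings.
minifirewall_trusted_ips:
  - 192.0.2.10/32          # admin host: full access
minifirewall_privilegied_ips:
  - 198.51.100.0/24        # monitoring network: restricted access

minifirewall_tail_included: True   # source the compiled minifirewall.tail
minifirewall_tail_force: True      # overwrite an existing tail file (role default)

# Stage the configuration only: skip the restart handler and boot-time start
# until access from the trusted addresses has been verified.
minifirewall_restart_if_needed: False
minifirewall_restart_force: False
minifirewall_autostart: False

# playbook.yml (constructed example)
---
- hosts: webservers
  become: true
  roles:
    - role: minifirewall   # assumption: the role is installed under this name
```

Once access from the trusted addresses is confirmed, switching minifirewall_restart_if_needed and minifirewall_autostart to True applies the rules and keeps them across reboots.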