ansible-roles/minifirewall
Ludovic Poujol 7a865b0ace
minifirewall: Properly detect alert5.sh to turn on firewall at boot
2020-02-17 16:36:48 +01:00
defaults minifirewall: add a variable to force the check scripts update 2019-11-05 10:52:14 +01:00
files minifirewall: no http filtering by default 2019-10-30 14:37:22 +01:00
handlers Add minifirewal_status and check_minifirewall 2018-04-06 09:52:18 +02:00
meta change repositories URL 2019-03-21 15:31:58 +01:00
tasks minifirewall: Properly detect alert5.sh to turn on firewall at boot 2020-02-17 16:36:48 +01:00
templates minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s)) 2020-02-17 10:56:38 +01:00
tests Minifirewall: install Git for tests 2017-07-13 16:36:27 +02:00
.kitchen.yml Kitchen: Change base image to evolix/ansible 2017-06-02 08:38:08 -04:00
README.md minifirewall: improve variables values and documentation 2018-08-30 17:06:21 +02:00

README.md

minifirewall

Installation of minifirewall, a simple and versatile local firewall.

The firewall is not started by default, but an init script is installed.

Tasks

Everything is in the tasks/main.yml file.

Available variables

  • minifirewall_int: which network interface to protect (default: detected default ipv4 interface)
  • minifirewall_ipv6_enabled: (default: on)
  • minifirewall_int_lan: (default: IP/32)
  • minifirewall_trusted_ips: which IP/hosts should be trusted for full access (default: none)
  • minifirewall_privilegied_ips: which IP/hosts should be trusted for restricted access (default: none)
  • minifirewall_tail_included: source a "tail" file at the end of the main config file (default: False)
  • minifirewall_tail_force: overwrite the "tail" file (default: True)
  • minifirewall_restart_if_needed: should the restart handler be executed (default: True)
  • minifirewall_restart_force: force restart minifirewall at the end of the role execution (default: False)
  • minifirewall_autostart: enable minifirewall start at boot time (default: False)

The full list of variables (with default values) can be found in defaults/main.yml.

Some IP/hosts must be configured or the server will be inaccessible via network.

minifirewall-tail

Compiles a minifirewall.tail file based on templates and sources it at the end of the minifirewall configuration.

Templates are looked up in this order:

  1. {{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ inventory_hostname}}.tail.j2
  2. {{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ host_group}}.tail.j2 (NB: host_group is not a core variable, it must be defined in group_vars files.)
  3. {{ playbook_dir}}/templates/minifirewall-tail/minifirewall.default.tail.j2

If nothing is found, the role falls back to the template embedded in the role: templates/minifirewall.default.tail.j2
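
An added example playbook (not part of the role's repository) that sets the variables listed above and stops before the role runs if no trusted address is configured, since autostart is being enabled. The inventory group, the role name as resolved by your roles path, the list form of the two IP variables and all addresses (RFC 5737 documentation ranges) are assumptions.

```yaml
---
# Added example, not from the role's repository.
# Addresses are constructed (RFC 5737 documentation ranges).
- hosts: webservers                    # hypothetical inventory group
  become: true
  vars:
    # Assumed to be lists; check defaults/main.yml for the exact types.
    minifirewall_trusted_ips:          # full access
      - 192.0.2.10/32
    minifirewall_privilegied_ips:      # restricted access
      - 198.51.100.0/24
    minifirewall_tail_included: true   # source the compiled "tail" file
    minifirewall_tail_force: true      # role default: overwrite the "tail" file
    minifirewall_autostart: true       # start at boot (role default: False)
    minifirewall_restart_force: false  # role default
    # host_group is not a core variable. It is set here for brevity; the
    # README expects it in group_vars so that template 2 of the lookup
    # order (minifirewall.{{ host_group }}.tail.j2) can be found.
    host_group: webservers
  pre_tasks:
    - name: Refuse to enable the firewall without a trusted source address
      ansible.builtin.assert:
        that:
          - minifirewall_trusted_ips | length > 0
        fail_msg: >-
          minifirewall_trusted_ips is empty; the server would be
          inaccessible via network once the firewall starts.
  roles:
    - role: minifirewall               # assumed role name/path
```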