| .. | ||
| defaults | ||
| files | ||
| handlers | ||
| meta | ||
| tasks | ||
| templates | ||
| tests | ||
| .kitchen.yml | ||
| README.md | ||
minifirewall
Installation of minifirewall a simple and versatile local firewall.
The firewall is not started by default, but an init script is installed.
Tasks
Everything is in the tasks/main.yml file.
Available variables
minifirewall_int: which network interface to protect (default: detected default ipv4 interface)minifirewall_ipv6_enabled: (default:on)minifirewall_int_lan: (default: IP/32)minifirewall_trusted_ips: with IP/hosts should be trusted for full access (default: none)minifirewall_privilegied_ips: with IP/hosts should be trusted for restricted access (default: none)minifirewall_tail_included: source a "tail" file at the end of the main config file (default:False)minifirewall_tail_force: overwrite the "tail" file (default:True)minifirewall_restart_if_needed: should the restart handler be executed (default:True)minifirewall_restart_force: force restart minifirewall at the end of the role execution (default:False)minifirewall_autostart: enable minifirewall start at boot time (default:False) The full list of variables (with default values) can be found indefaults/main.yml.
Some IP/hosts must be configured or the server will be inaccessible via network.
minifirewall-tail
Compiles a minifirewall.tail file based on templates and source it at the end of minifirewall configuration.
Templates are looked up in that order :
{{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ inventory_hostname}}.tail.j2{{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ host_group}}.tail.j2(NB :host_groupis not a core variable, it must be defined ingroup_varsfiles.){{ playbook_dir}}/templates/minifirewall-tail/minifirewall.default.tail.j2
If nothing is found, the role falls back to the template embedded in the role : templates/minifirewall.default.tail.j2