ansible-roles/minifirewall
Jérémy Lecour 97b0225232 Minifirewall can deal with evomaintenance
Each role has to know how to deal with the other.
Otherwise, depending on order of execution, the firewall might not
allow connections for evomaintenance
2017-10-08 00:00:24 +02:00
defaults Minifirewall can deal with evomaintenance 2017-10-08 00:00:24 +02:00
files minifirewall: embed files instead of git clone 2017-07-27 22:55:07 -04:00
meta Ansible >= 2.2 supported 2017-03-24 14:15:09 +01:00
tasks Minifirewall can deal with evomaintenance 2017-10-08 00:00:24 +02:00
templates minifirewall: merge the "tail" pattern back into the main role 2017-07-13 15:06:49 +02:00
tests Minifirewall: install Git for tests 2017-07-13 16:36:27 +02:00
.kitchen.yml Kitchen: Change base image to evolix/ansible 2017-06-02 08:38:08 -04:00
README.md minifirewall: merge the "tail" pattern back into the main role 2017-07-13 15:06:49 +02:00

README.md

minifirewall

Installation of minifirewall, a simple and versatile local firewall.

The firewall is not started by default, but an init script is installed.

Tasks

Everything is in the tasks/main.yml file.

Available variables

  • minifirewall_int: which network interface to protect (default: detected default ipv4 interface)
  • minifirewall_ipv6_enabled: (default: on)
  • minifirewall_int_lan: (default: IP/32)
  • minifirewall_trusted_ips: which IP/hosts should be trusted for full access (default: none)
  • minifirewall_privilegied_ips: which IP/hosts should be trusted for restricted access (default: none)
  • minifirewall_tail_included: source a "tail" file at the end of the main config file. (default: False)

The full list of variables (with default values) can be found in defaults/main.yml.

Some IP/hosts must be configured or the server will be inaccessible via network.
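
A pre-flight check for the lock-out risk noted above, as an added example that is not part of the role: it verifies that each administrative source address is covered by an IP/CIDR entry in minifirewall_trusted_ips or minifirewall_privilegied_ips before the role is applied. The sample values, the list format of the two variables and the function names are assumptions; host names are reported as unverified because they are not resolved.

```python
import ipaddress

# Constructed sample role variables (values and list format are assumptions;
# check defaults/main.yml for the real defaults and types).
ROLE_VARS = {
    "minifirewall_trusted_ips": ["192.0.2.10", "198.51.100.0/24"],
    "minifirewall_privilegied_ips": ["203.0.113.7/32", "bastion.example.org"],
}

ACCESS_VARS = ("minifirewall_trusted_ips", "minifirewall_privilegied_ips")


def check_admin_access(role_vars, admin_ip):
    """Return (matches, unverified) for one administrative source address.

    matches:    (variable, entry) pairs whose network contains admin_ip
    unverified: host names, which cannot be checked without DNS resolution
    """
    addr = ipaddress.ip_address(admin_ip)
    matches, unverified = [], []
    for var in ACCESS_VARS:
        for entry in role_vars.get(var) or []:
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                unverified.append((var, entry))  # not an IP/CIDR: a host name
                continue
            if addr.version == net.version and addr in net:
                matches.append((var, entry))
    return matches, unverified


def preflight(role_vars, admin_ips):
    """Return the admin addresses that no IP/CIDR entry covers."""
    return [ip for ip in admin_ips if not check_admin_access(role_vars, ip)[0]]


if __name__ == "__main__":
    missing = preflight(ROLE_VARS, ["198.51.100.23", "192.0.2.99"])
    for ip in missing:
        print(f"WARNING: {ip} is not covered by any trusted/privileged entry")
    raise SystemExit(1 if missing else 0)
```

With both variables left at their default of none, every address is reported as uncovered, which is the case the warning above describes.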

minifirewall-tail

Compiles a minifirewall.tail file based on templates and sources it at the end of the minifirewall configuration.

Templates are looked up in this order:

  1. {{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ inventory_hostname}}.tail.j2
  2. {{ playbook_dir}}/templates/minifirewall-tail/minifirewall.{{ host_group}}.tail.j2 (NB: host_group is not a core variable, it must be defined in group_vars files.)
  3. {{ playbook_dir}}/templates/minifirewall-tail/minifirewall.default.tail.j2

If nothing is found, the role falls back to the template embedded in the role: templates/minifirewall.default.tail.j2