ansible-roles/minifirewall
Patrick Marchand ff9e1e80aa
Fix for minifirewall bug in 8d352f100e
The default OS websites would override all the default http sites.
I removed those default http sites from the file and put them in
the minifirewall_http_sites list. Since this would override the
list anyway, it doesn't change much, except that someone who doesn't
want to use the OS default websites should also override the related
variables (minifirewall_default_*_http_sites)

fixes #65
2019-07-03 09:04:17 -04:00
defaults Fix for minifirewall bug in 8d352f100e 2019-07-03 09:04:17 -04:00
files Fix for minifirewall bug in 8d352f100e 2019-07-03 09:04:17 -04:00
handlers Add minifirewal_status and check_minifirewall 2018-04-06 09:52:18 +02:00
meta change repositories URL 2019-03-21 15:31:58 +01:00
tasks Fix for minifirewall bug in 8d352f100e 2019-07-03 09:04:17 -04:00
templates change repositories URL 2019-03-21 15:31:58 +01:00
tests Minifirewall: install Git for tests 2017-07-13 16:36:27 +02:00
.kitchen.yml Kitchen: Change base image to evolix/ansible 2017-06-02 08:38:08 -04:00
README.md minifirewall: improve variables values and documentation 2018-08-30 17:06:21 +02:00

minifirewall

Installation of minifirewall, a simple and versatile local firewall.

The firewall is not started by default, but an init script is installed.

Tasks

Everything is in the tasks/main.yml file.

Available variables

  • minifirewall_int: which network interface to protect (default: detected default ipv4 interface)
  • minifirewall_ipv6_enabled: (default: on)
  • minifirewall_int_lan: (default: IP/32)
  • minifirewall_trusted_ips: which IP/hosts should be trusted for full access (default: none)
  • minifirewall_privilegied_ips: which IP/hosts should be trusted for restricted access (default: none)
  • minifirewall_tail_included: source a "tail" file at the end of the main config file (default: False)
  • minifirewall_tail_force: overwrite the "tail" file (default: True)
  • minifirewall_restart_if_needed: should the restart handler be executed (default: True)
  • minifirewall_restart_force: force restart minifirewall at the end of the role execution (default: False)
  • minifirewall_autostart: enable minifirewall start at boot time (default: False)

The full list of variables (with default values) can be found in defaults/main.yml.

Some IP/hosts must be configured or the server will be inaccessible via network.

minifirewall-tail

Compiles a minifirewall.tail file based on templates and sources it at the end of the minifirewall configuration.

Templates are looked up in this order:

  1. {{ playbook_dir }}/templates/minifirewall-tail/minifirewall.{{ inventory_hostname }}.tail.j2
  2. {{ playbook_dir }}/templates/minifirewall-tail/minifirewall.{{ host_group }}.tail.j2 (NB: host_group is not a core variable, it must be defined in group_vars files.)
  3. {{ playbook_dir }}/templates/minifirewall-tail/minifirewall.default.tail.j2

If nothing is found, the role falls back to the template embedded in the role: templates/minifirewall.default.tail.j2
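
To check which tail template a given host will actually receive before the firewall sources it, the lookup order above can be reproduced offline. This is an added example, not code from the role; the function names, the `hosts` mapping and the sample tree built in `demo()` are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

def tail_candidates(playbook_dir, role_dir, inventory_hostname, host_group=None):
    """Candidate templates, in the lookup order given in the README."""
    base = Path(playbook_dir) / "templates" / "minifirewall-tail"
    names = [inventory_hostname]
    if host_group:  # host_group is not a core variable; skip when undefined
        names.append(host_group)
    names.append("default")
    paths = [base / f"minifirewall.{name}.tail.j2" for name in names]
    # Last resort: the template embedded in the role itself.
    paths.append(Path(role_dir) / "templates" / "minifirewall.default.tail.j2")
    return paths

def resolve_tail(playbook_dir, role_dir, inventory_hostname, host_group=None):
    """Return the first candidate that exists, or None if none does."""
    for path in tail_candidates(playbook_dir, role_dir, inventory_hostname, host_group):
        if path.is_file():
            return path
    return None

def audit(playbook_dir, role_dir, hosts):
    """hosts maps hostname -> host_group (or None); returns hostname -> template."""
    return {h: resolve_tail(playbook_dir, role_dir, h, g) for h, g in hosts.items()}

def demo():
    """Run the audit over a constructed tree; paths are returned relative to it."""
    with tempfile.TemporaryDirectory() as tmp:
        playbook = Path(tmp) / "playbook"
        role = Path(tmp) / "roles" / "minifirewall"
        tail_dir = playbook / "templates" / "minifirewall-tail"
        tail_dir.mkdir(parents=True)
        (role / "templates").mkdir(parents=True)
        for f in (tail_dir / "minifirewall.web01.tail.j2",
                  tail_dir / "minifirewall.dbservers.tail.j2",
                  role / "templates" / "minifirewall.default.tail.j2"):
            f.write_text("# constructed sample\n")
        hosts = {"web01": "webservers", "db01": "dbservers", "mail01": None}
        found = audit(playbook, role, hosts)
        return {h: p.relative_to(tmp).as_posix() for h, p in found.items()}

if __name__ == "__main__":
    for host, template in demo().items():
        print(f"{host}: {template}")
```

In the constructed tree, `mail01` has no host or group template and the playbook has no default, so it ends up with the role's embedded template.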