The default OS websites would override all the default http sites. I removed those default http sites from the file and put them in the minifirewall_http_sites list. Since this would override the list anyway, it doesn't change much, except that someone who doesn't want to use the OS default websites should also override the related variables (minifirewall_default_*_http_sites).
fixes #65
minifirewall
Installation of minifirewall, a simple and versatile local firewall.
The firewall is not started by default, but an init script is installed.
Tasks
Everything is in the tasks/main.yml file.
Available variables
minifirewall_int: which network interface to protect (default: detected default ipv4 interface)
minifirewall_ipv6_enabled: (default: on)
minifirewall_int_lan: (default: IP/32)
minifirewall_trusted_ips: which IP/hosts should be trusted for full access (default: none)
minifirewall_privilegied_ips: which IP/hosts should be trusted for restricted access (default: none)
minifirewall_tail_included: source a "tail" file at the end of the main config file (default: False)
minifirewall_tail_force: overwrite the "tail" file (default: True)
minifirewall_restart_if_needed: should the restart handler be executed (default: True)
minifirewall_restart_force: force restart minifirewall at the end of the role execution (default: False)
minifirewall_autostart: enable minifirewall start at boot time (default: False)

The full list of variables (with default values) can be found in defaults/main.yml.
Some IP/hosts must be configured or the server will be inaccessible via network.
minifirewall-tail
Compiles a minifirewall.tail file based on templates and sources it at the end of the minifirewall configuration.
Templates are looked up in this order:
1. {{ playbook_dir }}/templates/minifirewall-tail/minifirewall.{{ inventory_hostname }}.tail.j2
2. {{ playbook_dir }}/templates/minifirewall-tail/minifirewall.{{ host_group }}.tail.j2 (NB: host_group is not a core variable, it must be defined in group_vars files.)
3. {{ playbook_dir }}/templates/minifirewall-tail/minifirewall.default.tail.j2
If nothing is found, the role falls back to the template embedded in the role: templates/minifirewall.default.tail.j2
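To audit which tail template a given host would receive before the role runs, the lookup order above can be reproduced offline. This is an added example, not code from the role: the function names, the directory layout passed in and the sample hosts are assumptions, and the files are constructed in a temporary directory.

```python
import tempfile
from pathlib import Path

TAIL_DIR = Path("templates") / "minifirewall-tail"
ROLE_FALLBACK = Path("templates") / "minifirewall.default.tail.j2"

def candidate_templates(playbook_dir, inventory_hostname, host_group=None, role_dir=None):
    """Return candidate tail templates in the lookup order the README lists."""
    for name in (inventory_hostname, host_group):
        # Names are interpolated into a path: refuse anything that could leave TAIL_DIR.
        if name and ("/" in name or name in (".", "..")):
            raise ValueError(f"unsafe name in template path: {name!r}")
    base = Path(playbook_dir) / TAIL_DIR
    paths = [base / f"minifirewall.{inventory_hostname}.tail.j2"]
    if host_group:  # not a core variable: skipped when group_vars do not define it
        paths.append(base / f"minifirewall.{host_group}.tail.j2")
    paths.append(base / "minifirewall.default.tail.j2")
    if role_dir:  # template embedded in the role, used when nothing else matches
        paths.append(Path(role_dir) / ROLE_FALLBACK)
    return paths

def resolve_tail_template(playbook_dir, inventory_hostname, host_group=None, role_dir=None):
    """Return the first existing candidate, or None if no template exists at all."""
    for path in candidate_templates(playbook_dir, inventory_hostname, host_group, role_dir):
        if path.is_file():
            return path
    return None

def demo():
    """Build a constructed playbook tree and resolve three sample hosts."""
    with tempfile.TemporaryDirectory() as tmp:
        playbook = Path(tmp) / "playbook"
        role = Path(tmp) / "roles" / "minifirewall"
        for p in (playbook / TAIL_DIR / "minifirewall.web01.tail.j2",
                  playbook / TAIL_DIR / "minifirewall.db.tail.j2",
                  role / ROLE_FALLBACK):
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("# constructed sample\n")
        hosts = [("web01", "web"), ("db02", "db"), ("mail01", None)]
        return {h: resolve_tail_template(playbook, h, g, role).relative_to(tmp).as_posix()
                for h, g in hosts}

if __name__ == "__main__":
    for host, template in demo().items():
        print(host, "->", template)
```

Because the tail file is sourced after the main configuration, the resolved path shows exactly which rules get the last word on each host.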