evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 19 Releases 33 Wiki Activity
ansible-roles/minifirewall/defaults/main.yml
Patrick Marchand ff9e1e80aa
All checks were successful
continuous-integration/drone/push Build is passing
Details
Fix for minifirewall bug in 8d352f100e 
The default OS websites would override all the default http sites.
I removed those default http sites from the file and put them in
the minifirewall_http_sites list. Since this would override the
list anyway, it doesnt change much, except that someone who doesnt
want to use the OS default websites should also override the related
variables (minifirewall_default_*_http_sites)

fixes #65
2019-07-03 09:04:17 -04:00

68 lines
2.1 KiB
YAML
Raw Blame History

---
minifirewall_main_file: /etc/default/minifirewall
minifirewall_tail_file: /etc/default/minifirewall.tail
minifirewall_tail_included: False
minifirewall_tail_force: True
minifirewall_git_url: "https://forge.evolix.org/minifirewall.git"
minifirewall_checkout_path: "/tmp/minifirewall"
minifirewall_int: "{{ ansible_default_ipv4.interface }}"
minifirewall_ipv6: "on"
minifirewall_intlan: "{{ ansible_default_ipv4.address }}/32"
minifirewall_default_trusted_ips: []
minifirewall_additional_trusted_ips: []
# and default to ['0.0.0.0/0'] if the result is still empty
minifirewall_trusted_ips: "{{ minifirewall_default_trusted_ips | union(minifirewall_additional_trusted_ips) | unique | default(['0.0.0.0/0'], true) }}"
minifirewall_privilegied_ips: []
minifirewall_protected_ports_tcp: [22]
minifirewall_protected_ports_udp: []
minifirewall_public_ports_tcp: [25, 53, 443, 993, 995, 2222]
minifirewall_public_ports_udp: [53]
minifirewall_semipublic_ports_tcp: [20, 21, 22, 80, 110, 143]
minifirewall_semipublic_ports_udp: []
minifirewall_private_ports_tcp: [5666]
minifirewall_private_ports_udp: []
# Keep a null value to leave the setting as is
# otherwise use an Array, eg. "minifirewall_ssh_ok: ['0.0.0.0/0']"
minifirewall_dns_servers: Null
minifirewall_http_sites:
- pub.evolix.net
- mirror.evolix.org
- hwraid.le-vert.net
- antispam00.evolix.org
- spamassassin.apache.org
- sa-update.space-pro.be
- sa-update.secnap.net
- www.sa-update.pccc.com
- sa-update.dnswl.org
minifirewall_https_sites: Null
minifirewall_ftp_sites: Null
minifirewall_ssh_ok: Null
minifirewall_smtp_ok: Null
minifirewall_smtp_secure_ok: Null
minifirewall_ntp_ok: Null
minifirewall_default_debian_http_sites:
- security.debian.org
- security-cdn.debian.org
- volatile.debian.org
- backports.debian.org
minifirewall_default_ubuntu_http_sites:
- archive.ubuntu.com
- security.ubuntu.com
minifirewall_autostart: False
minifirewall_restart_if_needed: True
minifirewall_restart_force: False
evomaintenance_hosts: []
nagios_plugins_directory: "/usr/local/lib/nagios/plugins"
Reference in a new issue View git blame Copy permalink