2026-03-15 15:42:06 +01:00
parent 3a7ad06202
commit 3e39731465
25 changed files with 1191 additions and 254 deletions


@@ -60,46 +60,16 @@
notify:
- Restart IPv6 Firewall
- name: addjust line 'jitsi_udp_ports' (IPv4)
- name: addjust line 'dynaddr_flag' (IPv4)
lineinfile:
path: /etc/ipt-firewall/main_ipv4.conf
regexp: '^jitsi_udp_ports='
line: 'jitsi_udp_ports="$standard_jitsi_udp_ports"'
regexp: '^dynaddr_flag='
line: 'dynaddr_flag="$default_dynaddr_flag"'
when:
- main_ipv4_exists.stat.exists
notify:
- Restart IPv4 Firewall
- name: addjust line 'jitsi_udp_ports' (IPv6)
lineinfile:
path: /etc/ipt-firewall/main_ipv6.conf
regexp: '^jitsi_udp_ports='
line: 'jitsi_udp_ports="$standard_jitsi_udp_ports"'
when:
- main_ipv6_exists.stat.exists
notify:
- Restart IPv6 Firewall
- name: addjust line 'bigbluebutton_udp_ports' (IPv4)
lineinfile:
path: /etc/ipt-firewall/main_ipv4.conf
regexp: '^bigbluebutton_udp_ports='
line: 'bigbluebutton_udp_ports="$standard_bigbluebutton_udp_ports"'
when:
- main_ipv4_exists.stat.exists
notify:
- Restart IPv4 Firewall
- name: addjust line 'bigbluebutton_udp_ports' (IPv6)
lineinfile:
path: /etc/ipt-firewall/main_ipv6.conf
regexp: '^bigbluebutton_udp_ports='
line: 'bigbluebutton_udp_ports="$standard_bigbluebutton_udp_ports"'
when:
- main_ipv6_exists.stat.exists
notify:
- Restart IPv6 Firewall
- name: addjust line 'adjust_kernel_parameters' (IPv6)
lineinfile:
path: /etc/ipt-firewall/main_ipv6.conf
@@ -120,7 +90,6 @@
notify:
- Restart IPv6 Firewall
- name: addjust line 'blocked_ips' (IPv4)
lineinfile:
path: /etc/ipt-firewall/main_ipv4.conf
@@ -138,65 +107,83 @@
# ---
# Add additional SMTP ports OUT
# Add MS SQL Datenbank Services
# ---
- name: Check if String 'allow_ipmi_request_in..' (IPv4) is present
shell: grep -q -E "^#?allow_ipmi_request_in=" /etc/ipt-firewall/main_ipv4.conf
register: allow_ipmi_request_in_ipv4_present
- name: Check if String 'ms_sql_server_local_ips..' (IPv4) is present
shell: grep -q -E "^#?ms_sql_server_local_ips=" /etc/ipt-firewall/main_ipv4.conf
register: ms_sql_server_local_ips_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "allow_ipmi_request_in_ipv4_present.rc > 1"
changed_when: "allow_ipmi_request_in_ipv4_present.rc > 0"
failed_when: "ms_sql_server_local_ips_ipv4_present.rc > 1"
changed_when: "ms_sql_server_local_ips_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (allow_ipmi_request_in)
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (ms_sql_server_local_ips)
blockinfile:
path: /etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*ipmi_tcp_ports='
insertafter: '^#?\s*declare -A samba_server_dmz_arr'
block: |
# - Allow Access to IPMI Interfaces from outside
# ======
# - MS SQL Datenbank Services
# ======
# - MS SQL Datenbank Services
# -
# - Note:
# - In addition, ports
# - Standardports:
# -
# - TCP :443, 3520, 5900
# - UDP: 623
# - Microsoft SQL Server: 1433/tcp (ms-sql-s)
# - Microsoft SQL Monitor: 1434/udp (ms-sql-m)
# -
# - must be forwarded to the IP address of the IPMI network interface in the router (e.g., Fritzbox).
ms_sql_s_tcp_ports="${standard_ms_sql_s_port}"
ms_sql_m_udp_ports="${standard_ms_sql_m_port}"
# - Micrisoft SQL Services local networks
# -
allow_ipmi_request_in=false
marker: "# Marker set by modify-ipt-gateway.yml (allow_ipmi_request_in)"
# - 192.168.10.18
# -
ms_sql_server_local_ips=""
marker: "# Marker set by modify-ipt-gateway.yml (ms_sql_server_local_ips)"
when:
- main_ipv4_exists.stat.exists
- allow_ipmi_request_in_ipv4_present is changed
- ms_sql_server_local_ips_ipv4_present is changed
- name: Check if String 'allow_ipmi_request_in..' (IPv6) is present
shell: grep -q -E "^#?allow_ipmi_request_in=" /etc/ipt-firewall/main_ipv6.conf
register: allow_ipmi_request_in_ipv6_present
- name: Check if String 'ms_sql_server_local_ips..' (IPv6) is present
shell: grep -q -E "^#?ms_sql_server_local_ips=" /etc/ipt-firewall/main_ipv6.conf
register: ms_sql_server_local_ips_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "allow_ipmi_request_in_ipv6_present.rc > 1"
changed_when: "allow_ipmi_request_in_ipv6_present.rc > 0"
failed_when: "ms_sql_server_local_ips_ipv6_present.rc > 1"
changed_when: "ms_sql_server_local_ips_ipv6_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (allow_ipmi_request_in)
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (ms_sql_server_local_ips)
blockinfile:
path: /etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*ipmi_tcp_ports='
insertafter: '^#?\s*declare -A samba_server_dmz_arr'
block: |
# - Allow Access to IPMI Interfaces from outside
# ======
# - MS SQL Datenbank Services
# ======
# - MS SQL Datenbank Services
# -
# - Note:
# - In addition, ports
# - Standardports:
# -
# - TCP :443, 3520, 5900
# - UDP: 623
# - Microsoft SQL Server: 1433/tcp (ms-sql-s)
# - Microsoft SQL Monitor: 1434/udp (ms-sql-m)
# -
# - must be forwarded to the IP address of the IPMI network interface in the router (e.g., Fritzbox).
ms_sql_s_tcp_ports="${standard_ms_sql_s_port}"
ms_sql_m_udp_ports="${standard_ms_sql_m_port}"
# - Micrisoft SQL Services local networks
# -
allow_ipmi_request_in=false
marker: "# Marker set by modify-ipt-gateway.yml (allow_ipmi_request_in)"
# - 192.168.10.18
# -
ms_sql_server_local_ips=""
marker: "# Marker set by modify-ipt-gateway.yml (ms_sql_server_local_ips)"
when:
- main_ipv6_exists.stat.exists
- allow_ipmi_request_in_ipv6_present is changed
- ms_sql_server_local_ips_ipv6_present is changed
# ---
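Review bot: The two new `blockinfile` tasks for `ms_sql_server_local_ips` (IPv4 and IPv6) set a `marker` without `{mark}`, so the begin and end markers are identical and Ansible cannot delimit an existing block; the module documentation warns that this can lead to repeated insertion. Idempotence therefore rests only on the preceding `grep` for `^#?ms_sql_server_local_ips=`: if that one line is later renamed or removed in the firewall config, the whole block, including `ms_sql_s_tcp_ports` and `ms_sql_m_udp_ports`, would be written again. I would use `marker: "# {mark} set by modify-ipt-gateway.yml (ms_sql_server_local_ips)"` and add `check_mode: false` to the two check tasks so the guard is also evaluated in a dry run. The block written to `main_ipv6.conf` carries the IPv4 example `192.168.10.18` and the spelling "Micrisoft"; an IPv6 example address and the corrected spelling would keep the generated firewall comments accurate. The playbook continues past the last visible line, so tasks outside these hunks are not covered here.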