ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move firewall script to roles. Adjust hosts. ..

Browse Source
This commit is contained in:
Christoph
2019-09-04 04:04:57 +02:00
parent 3e4b1cf988
commit 444674e8f7
16 changed files with 2012 additions and 1311 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
roles/firewall/defaults/main.yml Normal file
View File

@ -0,0 +1,40 @@
---
is_dns_server: false
is_local_resolver: false
resolver_allowed_ipv4_networks: ""
resolver_allowed_ipv6_networks: ""
is_ntp_server: false
ntp_allowed_ipv4_net: ""
ntp_allowed_ipv6_net: ""
is_web_server: false
is_mail_server: false
dovecot_auth_service_port: ""
has_dovecot_auth_service_ipv4: false
has_dovecot_auth_service_ipv6: false
dovecot_auth_allowed_network_ipv4: {}
dovecot_auth_allowed_network_ipv6: {}
is_list_server: false
is_ftp_server: false
is_xmpp_server: false
xmpp_has_dovecot_auth: false
xmpp_dovecot_auth_service_ipv4: ""
xmpp_dovecot_auth_service_ipv6: ""
is_mumble_server: false
sshd_ports:
- 1036
git_firewall_repository:
name: ipt-server
repo: https://git.oopen.de/firewall/ipt-server
dest: /usr/local/src/ipt-server

20
roles/firewall/handlers/main.yml Normal file
View File

@ -0,0 +1,20 @@
- name: Restart ulogd
service:
name: ulogd
state: restarted
- name: Restart IPv4 Firewall
service:
name: ipt-firewall
state: restarted
when:
- interfaces_ipv4_exists.stat.exists
- main_ipv4_exists.stat.exists
- name: Restart IPv6 Firewall
service:
name: ip6t-firewall
state: restarted
when:
- interfaces_ipv6_exists.stat.exists
- main_ipv6_exists.stat.exists

1733
roles/firewall/tasks/main.yml Normal file
View File

File diff suppressed because it is too large Load Diff

16
roles/firewall/templates/etc/systemd/system/ip6t-firewall.service.j2 Normal file
View File

@ -0,0 +1,16 @@
# {{ ansible_managed }}
[Unit]
Description=IPv6 Firewall with ip6tables
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/ip6t-firewall-server start
ExecStop=/usr/local/sbin/ip6t-firewall-server stop
User=root
[Install]
WantedBy=multi-user.target

16
roles/firewall/templates/etc/systemd/system/ipt-firewall.service.j2 Normal file
View File

@ -0,0 +1,16 @@
# {{ ansible_managed }}
[Unit]
Description=IPv4 Firewall with iptables
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/ipt-firewall-server start
ExecStop=/usr/local/sbin/ipt-firewall-server stop
User=root
[Install]
WantedBy=multi-user.target