Add ipt-server role with firewall configuration and management

- Created handlers for reloading systemd and restarting firewall services. - Implemented tasks to ensure the existence of configuration directories and files. - Deployed host-specific and shared configuration files using templates. - Added scripts for managing IPv4 and IPv6 firewalls. - Configured systemd service units for ipt-firewall and ip6t-firewall. - Enabled and started firewall services on system boot.
2026-06-26 19:30:01 +02:00
parent 0158e3738f
commit 9798ca9cd6
24 changed files with 10019 additions and 0 deletions
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+# {{ ansible_managed }}
+
+
+# -------------
+# --- Network Interfaces
+# -------------
+
+# - External interface(s)
+#
+ext_if_1="{{ fw_ext_interfaces[0] if fw_ext_interfaces | length >= 1 else '' }}"
+ext_if_2="{{ fw_ext_interfaces[1] if fw_ext_interfaces | length >= 2 else '' }}"
+ext_if_3="{{ fw_ext_interfaces[2] if fw_ext_interfaces | length >= 3 else '' }}"
+
+ext_ifs="{{ fw_ext_interfaces | join(' ') }}"
+
+
+# - VPN Interfaces
+# -    (comma separated list)
+vpn_ifs="{{ fw_vpn_ifs }}"
+
+
+# - Wireguard Interfaces
+# -    (comma separated list)
+wg_ifs="{{ fw_wg_ifs }}"
+
+
+# - Local Interfaces
+local_if_1="{{ fw_local_interfaces[0] if fw_local_interfaces | length >= 1 else '' }}"
+local_if_2="{{ fw_local_interfaces[1] if fw_local_interfaces | length >= 2 else '' }}"
+local_if_3="{{ fw_local_interfaces[2] if fw_local_interfaces | length >= 3 else '' }}"
+
+local_ifs="{{ fw_local_interfaces | join(' ') }}"
+
+
+# -------------
+# --- IP-Addresses
+# -------------
+
+# - Extern IP Addresses on this Host
+#
+ext_1_ip="{{ fw_ext_ips_v6[0] if fw_ext_ips_v6 | length >= 1 else '' }}"
+ext_2_ip="{{ fw_ext_ips_v6[1] if fw_ext_ips_v6 | length >= 2 else '' }}"
+ext_3_ip="{{ fw_ext_ips_v6[2] if fw_ext_ips_v6 | length >= 3 else '' }}"
+
+ext_ips="{{ fw_ext_ips_v6 | join(' ') }}"
+
+local_1_ip="{{ fw_local_ips_v6[0] if fw_local_ips_v6 | length >= 1 else '' }}"
+local_2_ip="{{ fw_local_ips_v6[1] if fw_local_ips_v6 | length >= 2 else '' }}"
+local_3_ip="{{ fw_local_ips_v6[2] if fw_local_ips_v6 | length >= 3 else '' }}"
+
+local_ips="{{ fw_local_ips_v6 | join(' ') }}"
+
+
+# -------------
+# --- IP-Addresses LXC Guest Systems
+# -------------
+
+lxc_guest_1_ip="{{ fw_lxc_guest_ips_v6[0] if fw_lxc_guest_ips_v6 | length >= 1 else '' }}"
+lxc_guest_2_ip="{{ fw_lxc_guest_ips_v6[1] if fw_lxc_guest_ips_v6 | length >= 2 else '' }}"
+lxc_guest_3_ip="{{ fw_lxc_guest_ips_v6[2] if fw_lxc_guest_ips_v6 | length >= 3 else '' }}"
+lxc_guest_4_ip="{{ fw_lxc_guest_ips_v6[3] if fw_lxc_guest_ips_v6 | length >= 4 else '' }}"
+lxc_guest_5_ip="{{ fw_lxc_guest_ips_v6[4] if fw_lxc_guest_ips_v6 | length >= 5 else '' }}"
+lxc_guest_6_ip="{{ fw_lxc_guest_ips_v6[5] if fw_lxc_guest_ips_v6 | length >= 6 else '' }}"
+lxc_guest_7_ip="{{ fw_lxc_guest_ips_v6[6] if fw_lxc_guest_ips_v6 | length >= 7 else '' }}"
+
+lxc_guest_ips="{{ fw_lxc_guest_ips_v6 | join(' ') }}"