update..
This commit is contained in:
parent
58a501fe81
commit
a932167bc6
@ -550,12 +550,15 @@ samba_user:
|
|||||||
# Natalie Maier
|
# Natalie Maier
|
||||||
- name : n.maier
|
- name : n.maier
|
||||||
groups:
|
groups:
|
||||||
|
- administration
|
||||||
|
- altlasten
|
||||||
- archiv
|
- archiv
|
||||||
- ausstellungen
|
- ausstellungen
|
||||||
- buero
|
- buero
|
||||||
- forschung
|
- forschung
|
||||||
- gedenken-im-stadtraum
|
- gedenken-im-stadtraum
|
||||||
- intern
|
- intern
|
||||||
|
- leitung
|
||||||
- museum-organisation
|
- museum-organisation
|
||||||
- presse-orga-oeffentlichkeit
|
- presse-orga-oeffentlichkeit
|
||||||
- projekte
|
- projekte
|
||||||
@ -564,6 +567,7 @@ samba_user:
|
|||||||
- team
|
- team
|
||||||
- technik
|
- technik
|
||||||
- veranstaltungen
|
- veranstaltungen
|
||||||
|
- vermittlung
|
||||||
- vermietung
|
- vermietung
|
||||||
- vze
|
- vze
|
||||||
- fhxb-bildarchiv
|
- fhxb-bildarchiv
|
||||||
|
|||||||
@ -116,15 +116,6 @@ bind9_gateway_listen_on:
|
|||||||
# vars used by roles/common/tasks/git.yml
|
# vars used by roles/common/tasks/git.yml
|
||||||
# ---
|
# ---
|
||||||
|
|
||||||
git_firewall_repository:
|
|
||||||
name: ipt-gateway
|
|
||||||
repo: https://git.oopen.de/firewall/ipt-gateway
|
|
||||||
dest: /usr/local/src/ipt-gateway
|
|
||||||
|
|
||||||
# ---
|
|
||||||
# vars used by roles/common/tasks/git.yml
|
|
||||||
# ---
|
|
||||||
|
|
||||||
git_firewall_repository:
|
git_firewall_repository:
|
||||||
name: ipt-gateway
|
name: ipt-gateway
|
||||||
repo: https://git.oopen.de/firewall/ipt-gateway
|
repo: https://git.oopen.de/firewall/ipt-gateway
|
||||||
|
|||||||
@ -142,6 +142,76 @@ sshd_hostkeyalgorithms:
|
|||||||
# ---
|
# ---
|
||||||
|
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# vars used by roles/common/tasks/systemd-resolved.yml
|
||||||
|
# ---
|
||||||
|
|
||||||
|
systemd_resolved: true
|
||||||
|
|
||||||
|
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
|
||||||
|
# Primäre DNS-Adresse: 38.132.106.139
|
||||||
|
# Sekundäre DNS-Adresse: 194.187.251.67
|
||||||
|
#
|
||||||
|
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
|
||||||
|
# primäre DNS-Adresse
|
||||||
|
# IPv4: 1.1.1.1
|
||||||
|
# IPv6: 2606:4700:4700::1111
|
||||||
|
# sekundäre DNS-Adresse
|
||||||
|
# IPv4: 1.0.0.1
|
||||||
|
# IPv6: 2606:4700:4700::1001
|
||||||
|
#
|
||||||
|
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
|
||||||
|
# primäre DNS-Adresse
|
||||||
|
# IPv4: 8.8.8.8
|
||||||
|
# IPv6: 2001:4860:4860::8888
|
||||||
|
# sekundäre DNS-Adresse
|
||||||
|
# IPv4: 8.8.4.4
|
||||||
|
# IPv6: 2001:4860:4860::8844
|
||||||
|
#
|
||||||
|
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
|
||||||
|
# primäre DNS-Adresse
|
||||||
|
# IPv4: 9.9.9.9
|
||||||
|
# IPv6: 2620:fe::fe
|
||||||
|
# sekundäre DNS-Adresse
|
||||||
|
# IPv4: 149.112.112.112
|
||||||
|
# IPv6: 2620:fe::9
|
||||||
|
#
|
||||||
|
# OpenNIC - https://www.opennic.org/
|
||||||
|
# IPv4: 195.10.195.195 - ns31.de
|
||||||
|
# IPv4: 94.16.114.254 - ns28.de
|
||||||
|
# IPv4: 51.254.162.59 - ns9.de
|
||||||
|
# IPv4: 194.36.144.87 - ns29.de
|
||||||
|
# IPv6: 2a00:f826:8:2::195 - ns31.de
|
||||||
|
#
|
||||||
|
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
|
||||||
|
# IPv4: 5.1.66.255
|
||||||
|
# IPv6: 2001:678:e68:f000::
|
||||||
|
# Servername für DNS-over-TLS: dot.ffmuc.net
|
||||||
|
# IPv4: 185.150.99.255
|
||||||
|
# IPv6: 2001:678:ed0:f000::
|
||||||
|
# Servername für DNS-over-TLS: dot.ffmuc.net
|
||||||
|
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
|
||||||
|
resolved_nameserver:
|
||||||
|
- 127.0.0.1
|
||||||
|
|
||||||
|
# search domains
|
||||||
|
#
|
||||||
|
# If there are more than one search domains, then specify them here in the order in which
|
||||||
|
# the resolver should also search them
|
||||||
|
#
|
||||||
|
#resolved_domains: []
|
||||||
|
resolved_domains:
|
||||||
|
- ~.
|
||||||
|
- oopen.de
|
||||||
|
|
||||||
|
resolved_dnssec: true
|
||||||
|
|
||||||
|
# dns.as250.net: 194.150.168.168
|
||||||
|
#
|
||||||
|
resolved_fallback_nameserver:
|
||||||
|
- 194.150.168.168
|
||||||
|
|
||||||
|
|
||||||
# ---
|
# ---
|
||||||
# vars used by roles/common/tasks/users.yml
|
# vars used by roles/common/tasks/users.yml
|
||||||
# ---
|
# ---
|
||||||
|
|||||||
@ -150,6 +150,78 @@ network_interfaces:
|
|||||||
# ---
|
# ---
|
||||||
|
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# vars used by roles/common/tasks/systemd-resolved.yml
|
||||||
|
# ---
|
||||||
|
|
||||||
|
systemd_resolved: true
|
||||||
|
|
||||||
|
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
|
||||||
|
# Primäre DNS-Adresse: 38.132.106.139
|
||||||
|
# Sekundäre DNS-Adresse: 194.187.251.67
|
||||||
|
#
|
||||||
|
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
|
||||||
|
# primäre DNS-Adresse
|
||||||
|
# IPv4: 1.1.1.1
|
||||||
|
# IPv6: 2606:4700:4700::1111
|
||||||
|
# sekundäre DNS-Adresse
|
||||||
|
# IPv4: 1.0.0.1
|
||||||
|
# IPv6: 2606:4700:4700::1001
|
||||||
|
#
|
||||||
|
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
|
||||||
|
# primäre DNS-Adresse
|
||||||
|
# IPv4: 8.8.8.8
|
||||||
|
# IPv6: 2001:4860:4860::8888
|
||||||
|
# sekundäre DNS-Adresse
|
||||||
|
# IPv4: 8.8.4.4
|
||||||
|
# IPv6: 2001:4860:4860::8844
|
||||||
|
#
|
||||||
|
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
|
||||||
|
# primäre DNS-Adresse
|
||||||
|
# IPv4: 9.9.9.9
|
||||||
|
# IPv6: 2620:fe::fe
|
||||||
|
# sekundäre DNS-Adresse
|
||||||
|
# IPv4: 149.112.112.112
|
||||||
|
# IPv6: 2620:fe::9
|
||||||
|
#
|
||||||
|
# OpenNIC - https://www.opennic.org/
|
||||||
|
# IPv4: 195.10.195.195 - ns31.de
|
||||||
|
# IPv4: 94.16.114.254 - ns28.de
|
||||||
|
# IPv4: 51.254.162.59 - ns9.de
|
||||||
|
# IPv4: 194.36.144.87 - ns29.de
|
||||||
|
# IPv6: 2a00:f826:8:2::195 - ns31.de
|
||||||
|
#
|
||||||
|
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
|
||||||
|
# IPv4: 5.1.66.255
|
||||||
|
# IPv6: 2001:678:e68:f000::
|
||||||
|
# Servername für DNS-over-TLS: dot.ffmuc.net
|
||||||
|
# IPv4: 185.150.99.255
|
||||||
|
# IPv6: 2001:678:ed0:f000::
|
||||||
|
# Servername für DNS-over-TLS: dot.ffmuc.net
|
||||||
|
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
|
||||||
|
resolved_nameserver:
|
||||||
|
- 195.201.179.131
|
||||||
|
- 95.217.204.204
|
||||||
|
|
||||||
|
# search domains
|
||||||
|
#
|
||||||
|
# If there are more than one search domains, then specify them here in the order in which
|
||||||
|
# the resolver should also search them
|
||||||
|
#
|
||||||
|
#resolved_domains: []
|
||||||
|
resolved_domains:
|
||||||
|
- ~.
|
||||||
|
- oopen.de
|
||||||
|
|
||||||
|
resolved_dnssec: true
|
||||||
|
|
||||||
|
# dns.as250.net: 194.150.168.168
|
||||||
|
#
|
||||||
|
resolved_fallback_nameserver:
|
||||||
|
- 194.150.168.168
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# ---
|
# ---
|
||||||
# vars used by roles/common/tasks/users.yml
|
# vars used by roles/common/tasks/users.yml
|
||||||
# ---
|
# ---
|
||||||
|
|||||||
@ -150,6 +150,80 @@ network_interfaces:
|
|||||||
# ---
|
# ---
|
||||||
|
|
||||||
|
|
||||||
|
# ---
|
||||||
|
# vars used by roles/common/tasks/systemd-resolved.yml
|
||||||
|
# ---
|
||||||
|
|
||||||
|
systemd_resolved: true
|
||||||
|
|
||||||
|
# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie
|
||||||
|
# Primäre DNS-Adresse: 38.132.106.139
|
||||||
|
# Sekundäre DNS-Adresse: 194.187.251.67
|
||||||
|
#
|
||||||
|
# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen
|
||||||
|
# primäre DNS-Adresse
|
||||||
|
# IPv4: 1.1.1.1
|
||||||
|
# IPv6: 2606:4700:4700::1111
|
||||||
|
# sekundäre DNS-Adresse
|
||||||
|
# IPv4: 1.0.0.1
|
||||||
|
# IPv6: 2606:4700:4700::1001
|
||||||
|
#
|
||||||
|
# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit
|
||||||
|
# primäre DNS-Adresse
|
||||||
|
# IPv4: 8.8.8.8
|
||||||
|
# IPv6: 2001:4860:4860::8888
|
||||||
|
# sekundäre DNS-Adresse
|
||||||
|
# IPv4: 8.8.4.4
|
||||||
|
# IPv6: 2001:4860:4860::8844
|
||||||
|
#
|
||||||
|
# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug
|
||||||
|
# primäre DNS-Adresse
|
||||||
|
# IPv4: 9.9.9.9
|
||||||
|
# IPv6: 2620:fe::fe
|
||||||
|
# sekundäre DNS-Adresse
|
||||||
|
# IPv4: 149.112.112.112
|
||||||
|
# IPv6: 2620:fe::9
|
||||||
|
#
|
||||||
|
# OpenNIC - https://www.opennic.org/
|
||||||
|
# IPv4: 195.10.195.195 - ns31.de
|
||||||
|
# IPv4: 94.16.114.254 - ns28.de
|
||||||
|
# IPv4: 51.254.162.59 - ns9.de
|
||||||
|
# IPv4: 194.36.144.87 - ns29.de
|
||||||
|
# IPv6: 2a00:f826:8:2::195 - ns31.de
|
||||||
|
#
|
||||||
|
# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS)
|
||||||
|
# IPv4: 5.1.66.255
|
||||||
|
# IPv6: 2001:678:e68:f000::
|
||||||
|
# Servername für DNS-over-TLS: dot.ffmuc.net
|
||||||
|
# IPv4: 185.150.99.255
|
||||||
|
# IPv6: 2001:678:ed0:f000::
|
||||||
|
# Servername für DNS-over-TLS: dot.ffmuc.net
|
||||||
|
# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb)
|
||||||
|
resolved_nameserver:
|
||||||
|
- 195.201.179.131
|
||||||
|
- 95.217.204.204
|
||||||
|
- 213.133.100.100
|
||||||
|
- 213.133.98.98
|
||||||
|
|
||||||
|
# search domains
|
||||||
|
#
|
||||||
|
# If there are more than one search domains, then specify them here in the order in which
|
||||||
|
# the resolver should also search them
|
||||||
|
#
|
||||||
|
#resolved_domains: []
|
||||||
|
resolved_domains:
|
||||||
|
- ~.
|
||||||
|
- oopen.de
|
||||||
|
|
||||||
|
resolved_dnssec: true
|
||||||
|
|
||||||
|
# dns.as250.net: 194.150.168.168
|
||||||
|
#
|
||||||
|
resolved_fallback_nameserver:
|
||||||
|
- 194.150.168.168
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# ---
|
# ---
|
||||||
# vars used by roles/common/tasks/users.yml
|
# vars used by roles/common/tasks/users.yml
|
||||||
# ---
|
# ---
|
||||||
|
|||||||
@ -204,6 +204,7 @@ resolved_nameserver:
|
|||||||
#
|
#
|
||||||
#resolved_domains: []
|
#resolved_domains: []
|
||||||
resolved_domains:
|
resolved_domains:
|
||||||
|
- ~.
|
||||||
- oopen.de
|
- oopen.de
|
||||||
|
|
||||||
resolved_dnssec: true
|
resolved_dnssec: true
|
||||||
|
|||||||
@ -444,6 +444,12 @@ samba_user:
|
|||||||
- beratung
|
- beratung
|
||||||
password: 't!ne*2018'
|
password: 't!ne*2018'
|
||||||
|
|
||||||
|
- name: ute
|
||||||
|
groups:
|
||||||
|
- buero
|
||||||
|
- beratung
|
||||||
|
password: '23_ut3*obs'
|
||||||
|
|
||||||
- name: vali
|
- name: vali
|
||||||
groups:
|
groups:
|
||||||
- buero
|
- buero
|
||||||
|
|||||||
@ -168,3 +168,5 @@
|
|||||||
91.193.19.0/24
|
91.193.19.0/24
|
||||||
# US
|
# US
|
||||||
103.125.147.0/24
|
103.125.147.0/24
|
||||||
|
# US
|
||||||
|
79.141.173.0/24
|
||||||
|
|||||||
@ -122,63 +122,123 @@
|
|||||||
|
|
||||||
|
|
||||||
# ---
|
# ---
|
||||||
# IP Address Filtering Gaming Devices
|
# Restrict VPN Networks
|
||||||
# ---
|
# ---
|
||||||
|
|
||||||
- name: Check if String 'gaming_device_ip_addresses..' (IPv4) is present
|
- name: Check if String 'restrict_vpn_net_to_local_service..' (IPv4) is present
|
||||||
shell: grep -q -E "^#?gaming_device_ip_addresses=" /etc/ipt-firewall/main_ipv4.conf
|
shell: grep -q -E "^#?restrict_vpn_net_to_local_service=" /etc/ipt-firewall/main_ipv4.conf
|
||||||
register: gaming_device_ip_addresses_ipv4_present
|
register: restrict_vpn_net_to_local_service_ipv4_present
|
||||||
when: main_ipv4_exists.stat.exists
|
when: main_ipv4_exists.stat.exists
|
||||||
failed_when: "gaming_device_ip_addresses_ipv4_present.rc > 1"
|
failed_when: "restrict_vpn_net_to_local_service_ipv4_present.rc > 1"
|
||||||
changed_when: "gaming_device_ip_addresses_ipv4_present.rc > 0"
|
changed_when: "restrict_vpn_net_to_local_service_ipv4_present.rc > 0"
|
||||||
|
|
||||||
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (gaming_device_ip_addresses)
|
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (restrict_vpn_net_to_local_service)
|
||||||
blockinfile:
|
blockinfile:
|
||||||
path: /etc/ipt-firewall/main_ipv4.conf
|
path: /etc/ipt-firewall/main_ipv4.conf
|
||||||
insertafter: '^#?\s*gaming_device_mac_addresses='
|
insertafter: '^#?\s*vpn_out_ports='
|
||||||
block: |
|
block: |
|
||||||
|
|
||||||
# =============
|
# -----
|
||||||
# - IP Address Filtering Gaming Devices
|
# - Restrict VPN Network to local Service
|
||||||
# =============
|
# -----#
|
||||||
|
|
||||||
# - IP adresses here are only allowed connect to internet but NOT to loacl services and networks
|
# - restrict_vpn_net_to_local_service
|
||||||
|
# -
|
||||||
|
# - allow_ext_net_to_local_service="vpn-net:local-address:port:protocol [vpn-net:local-address:port:protocol] [..]"
|
||||||
|
# -
|
||||||
|
# - Note:
|
||||||
|
# - =====
|
||||||
|
# - - Only 'tcp' and 'udp' are allowed valuse for protocol.
|
||||||
|
# -
|
||||||
|
# - Example:
|
||||||
|
# - restrict_vpn_net_to_local_service="
|
||||||
|
# - 10.100.112.0/24:192.168.112.192/27:80:tcp
|
||||||
|
# - 10.100.112.0/24:192.168.112.192/27:443:tcp
|
||||||
|
# - "
|
||||||
# -
|
# -
|
||||||
# - Blank separated list
|
# - Blank separated list
|
||||||
# -
|
# -
|
||||||
gaming_device_ip_addresses=""
|
restrict_vpn_net_to_local_service=""
|
||||||
marker: "# Marker set by modify-ipt-gateway.yml (gaming_device_ip_addresses)"
|
|
||||||
|
|
||||||
|
# -----
|
||||||
|
# - Restrict VPN Network to local (Sub) network
|
||||||
|
# -----
|
||||||
|
|
||||||
|
# - restrict_vpn_net_to_local_subnet
|
||||||
|
# -
|
||||||
|
# - restrict_vpn_net_to_local_subnet="<src-vpn-net>:<dst-local-net> [<src-vpn-net>:<dst-local-net>} [..]
|
||||||
|
# -
|
||||||
|
# - Example:
|
||||||
|
# - restrict_vpn_net_to_local_subnet="
|
||||||
|
# - 10.100.112.0/24:192.168.112.192/27
|
||||||
|
# - "
|
||||||
|
# -
|
||||||
|
# - Blank separated list
|
||||||
|
# -
|
||||||
|
restrict_vpn_net_to_local_subnet=""
|
||||||
|
marker: "# Marker set by modify-ipt-gateway.yml (restrict_vpn_net_to_local_service)"
|
||||||
when:
|
when:
|
||||||
- main_ipv4_exists.stat.exists
|
- main_ipv4_exists.stat.exists
|
||||||
- gaming_device_ip_addresses_ipv4_present is changed
|
- restrict_vpn_net_to_local_service_ipv4_present is changed
|
||||||
|
|
||||||
|
|
||||||
- name: Check if String 'gaming_device_ip_addresses..' (IPv6) is present
|
- name: Check if String 'restrict_vpn_net_to_local_service..' (IPv6) is present
|
||||||
shell: grep -q -E "^#?gaming_device_ip_addresses=" /etc/ipt-firewall/main_ipv6.conf
|
shell: grep -q -E "^#?restrict_vpn_net_to_local_service=" /etc/ipt-firewall/main_ipv6.conf
|
||||||
register: gaming_device_ip_addresses_ipv6_present
|
register: restrict_vpn_net_to_local_service_ipv6_present
|
||||||
when: main_ipv6_exists.stat.exists
|
when: main_ipv6_exists.stat.exists
|
||||||
failed_when: "gaming_device_ip_addresses_ipv6_present.rc > 1"
|
failed_when: "restrict_vpn_net_to_local_service_ipv6_present.rc > 1"
|
||||||
changed_when: "gaming_device_ip_addresses_ipv6_present.rc > 0"
|
changed_when: "restrict_vpn_net_to_local_service_ipv6_present.rc > 0"
|
||||||
|
|
||||||
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (gaming_device_ip_addresses)
|
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (restrict_vpn_net_to_local_service)
|
||||||
blockinfile:
|
blockinfile:
|
||||||
path: /etc/ipt-firewall/main_ipv6.conf
|
path: /etc/ipt-firewall/main_ipv6.conf
|
||||||
insertafter: '^#?\s*gaming_device_mac_addresses='
|
insertafter: '^#?\s*vpn_out_ports='
|
||||||
block: |
|
block: |
|
||||||
|
|
||||||
# =============
|
# -----
|
||||||
# - IP Address Filtering Gaming Devices
|
# - Restrict VPN Network to local Service
|
||||||
# =============
|
# -----#
|
||||||
|
|
||||||
# - IP adresses here are only allowed connect to internet but NOT to loacl services and networks
|
# - restrict_vpn_net_to_local_service
|
||||||
|
# -
|
||||||
|
# - allow_ext_net_to_local_service="vpn-net,local-address,port,protocol [vpn-net,local-address,port,protocol] [..]"
|
||||||
|
# -
|
||||||
|
# - Note:
|
||||||
|
# - =====
|
||||||
|
# - - Only 'tcp' and 'udp' are allowed valuse for protocol.
|
||||||
|
# -
|
||||||
|
# - Example:
|
||||||
|
# - restrict_vpn_net_to_local_service="
|
||||||
|
# - 2001:sc03:dd:bd2f:a63e:eb5f:86a5:d338/64,2003:ec:df3d:ffd:a63e:eb5f:86a5:d338/64,80,tcp
|
||||||
|
# - 2001:sc03:dd:bd2f:a63e:eb5f:86a5:d338/64,2003:ec:df3d:ffd:a63e:eb5f:86a5:d338/64,443,tcp
|
||||||
|
# - "
|
||||||
# -
|
# -
|
||||||
# - Blank separated list
|
# - Blank separated list
|
||||||
# -
|
# -
|
||||||
gaming_device_ip_addresses=""
|
restrict_vpn_net_to_local_service=""
|
||||||
marker: "# Marker set by modify-ipt-gateway.yml (gaming_device_ip_addresses)"
|
|
||||||
|
|
||||||
|
# -----
|
||||||
|
# - Restrict VPN Network to local (Sub) network
|
||||||
|
# -----
|
||||||
|
|
||||||
|
# - restrict_vpn_net_to_local_subnet
|
||||||
|
# -
|
||||||
|
# - restrict_vpn_net_to_local_subnet="<src-vpn-net>,<dst-local-net> [<src-vpn-net>,<dst-local-net>} [..]
|
||||||
|
# -
|
||||||
|
# - Example:
|
||||||
|
# - restrict_vpn_net_to_local_subnet="
|
||||||
|
# - 2001:sc03:dd:bd2f:a63e:eb5f:86a5:d338/64,2003:ec:df3d:ffd:a63e:eb5f:86a5:d338/64
|
||||||
|
# - "
|
||||||
|
# -
|
||||||
|
# - Blank separated list
|
||||||
|
# -
|
||||||
|
restrict_vpn_net_to_local_subnet=""
|
||||||
|
marker: "# Marker set by modify-ipt-gateway.yml (restrict_vpn_net_to_local_service)"
|
||||||
when:
|
when:
|
||||||
- main_ipv6_exists.stat.exists
|
- main_ipv6_exists.stat.exists
|
||||||
- gaming_device_ip_addresses_ipv6_present is changed
|
- restrict_vpn_net_to_local_service_ipv6_present is changed
|
||||||
|
|
||||||
|
|
||||||
# ---
|
# ---
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user