Christoph 2020-09-24 02:58:34 +02:00
parent 3b66b10167
commit d9cea040f1
4 changed files with 250 additions and 3 deletions


@ -665,7 +665,9 @@ apt_remove:
apt_remove_purge: false
microcode_package: intel-microcode
microcode_package:
- intel-microcode
- amd64-microcode
# ---

2
hosts

@ -789,9 +789,7 @@ o13-mail.oopen.de
o13-web.oopen.de
# o14.oopen.de
a.mx.oopen.de
d.mx.oopen.de
e.mx.oopen.de
www2.oopen.de
# o15.oopen.de


@ -198,6 +198,7 @@
- alfaview_video_conference_out_ipv6_present is changed
# ---
# Allow local services from ALL extern netwoks
# ---
@ -288,6 +289,130 @@
- allow_all_ext_traffic_to_local_service_ipv6_present is changed
# ---
# Allow extern services / networks
# ---
- name: Check if String 'allow_to_ext_service..' (IPv4) is present
shell: grep -q -E "^allow_to_ext_service=" /ro/etc/ipt-firewall/main_ipv4.conf
register: allow_to_ext_service_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "allow_to_ext_service_ipv4_present.rc > 1"
changed_when: "allow_to_ext_service_ipv4_present.rc > 0"
- name: Adjust file '/ro/etc/ipt-firewall/main_ipv4.conf' (allow_to_ext_service)
blockinfile:
path: /ro/etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*allow_local_net_to_ext_net'
block: |
# =============
# - Allow extern service
# =============
# - allow_to_ext_service
# -
# - allow_to_ext_service="<ext-ip:port:protocol> [ext-ip:port:protocol> [.."
# -
# - All traffic to the given (extern) service is allowed
# -
# - Example:
# - allow_to_ext_service="83.223.86.98:3306:tcp
# - 83.223.86.98:10194:udp"
# -
# - Blank separated list
# -
allow_to_ext_service=""
# =============
# - Allow extern network
# =============
# - allow_to_ext_net
# -
# - Allow all traffic to given extern network
# -
# - allow_to_ext_net="<ext-net> [<ext-net> [.."
# -
# - All traffic to the given (extern) network is allowed
# -
# - Example:
# - allow_to_ext_net="83.223.86.98/32
# - 83.223.86.101/32
# - 192.68.11.81/27"
# -
# - Blank separated list
# -
allow_to_ext_net=""
marker: "# Marker set by modify-ipt-gateway.yml (allow_to_ext_service)"
when:
- main_ipv4_exists.stat.exists
- allow_to_ext_service_ipv4_present is changed
- name: Check if String 'allow_to_ext_service..' (IPv6) is present
shell: grep -q -E "^allow_to_ext_service=" /ro/etc/ipt-firewall/main_ipv6.conf
register: allow_to_ext_service_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "allow_to_ext_service_ipv6_present.rc > 1"
changed_when: "allow_to_ext_service_ipv6_present.rc > 0"
- name: Adjust file '/ro/etc/ipt-firewall/main_ipv6.conf' (allow_to_ext_service)
blockinfile:
path: /ro/etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*allow_local_net_to_ext_net'
block: |
# =============
# - Allow extern service
# =============
# - allow_to_ext_service
# -
# - Allow all traffic to given extern service
# -
# - allow_to_ext_service="<ext-ip,port,protocol> [ext-ip,port,protocol> [.."
# -
# - All traffic to the given (extern) service is allowed
# -
# - Example:
# - allow_to_ext_service="2a01:30:0:13:211:84ff:feb7:7f9c,3306,tcp
# - 2a01:30:0:13:211:84ff:feb7:7f9c,10194,tcp"
# -
# - Blank separated list
# -
allow_to_ext_service=""
# =============
# - Allow extern network
# =============
# - allow_to_ext_net
# -
# - Allow all traffic to given extern network
# -
# - allow_to_ext_net="<local-net,ext-net> [<local-net,ext-net> [.."
# -
# - All traffic from the given (local) network to the given (extern) network is allowed
# -
# - Example:
# - allow_to_ext_net="2a01:30:0:13:211:84ff:feb7:7f9c/64
# - 2001:678:a40:3000::/64"
# -
# - Blank separated list
# -
allow_to_ext_net=""
marker: "# Marker set by modify-ipt-gateway.yml (allow_to_ext_service)"
when:
- main_ipv6_exists.stat.exists
- allow_to_ext_service_ipv6_present is changed
# ---
# Epson Network Scanner
# ---
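Review bot: The `marker` on both new blockinfile tasks (`marker: "# Marker set by modify-ipt-gateway.yml (allow_to_ext_service)"`) omits the `{mark}` placeholder, so the BEGIN and END lines written around the block are byte-identical and blockinfile cannot tell them apart; the Ansible docs note that a custom marker without `{mark}` can lead to the block being inserted again on later runs. Here the repeat is only held off by the preceding grep task registering "changed" when `allow_to_ext_service=` is absent, which is an indirect guard, so the marker should carry the placeholder: `marker: "# {mark} Marker set by modify-ipt-gateway.yml (allow_to_ext_service)"`. The same applies to the IPv6 task in this hunk and to both tasks of the second file section (the `/etc/ipt-firewall` variant). Separately, the IPv6 block's description of `allow_to_ext_net` announces a `<local-net,ext-net>` pair and "traffic from the given (local) network", while the example below it lists bare prefixes like the IPv4 version; one of the two should be corrected so the comment the firewall config ships with matches the accepted syntax. The two check tasks run a fixed `grep` without shell features, so `command:` would express the same thing with a smaller surface than `shell:`.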


@ -338,6 +338,128 @@
- allow_all_ext_traffic_to_local_service_ipv6_present is changed
# ---
# Allow extern services / networks
# ---
- name: Check if String 'allow_to_ext_service..' (IPv4) is present
shell: grep -q -E "^allow_to_ext_service=" /etc/ipt-firewall/main_ipv4.conf
register: allow_to_ext_service_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "allow_to_ext_service_ipv4_present.rc > 1"
changed_when: "allow_to_ext_service_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (allow_to_ext_service)
blockinfile:
path: /etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*allow_local_net_to_ext_net'
block: |
# =============
# - Allow extern service
# =============
# - allow_to_ext_service
# -
# - allow_to_ext_service="<ext-ip:port:protocol> [ext-ip:port:protocol> [.."
# -
# - All traffic to the given (extern) service is allowed
# -
# - Example:
# - allow_to_ext_service="83.223.86.98:3306:tcp
# - 83.223.86.98:10194:udp"
# -
# - Blank separated list
# -
allow_to_ext_service=""
# =============
# - Allow extern network
# =============
# - allow_to_ext_net
# -
# - Allow all traffic to given extern network
# -
# - allow_to_ext_net="<ext-net> [<ext-net> [.."
# -
# - All traffic to the given (extern) network is allowed
# -
# - Example:
# - allow_to_ext_net="83.223.86.98/32
# - 83.223.86.101/32
# - 192.68.11.81/27"
# -
# - Blank separated list
# -
allow_to_ext_net=""
marker: "# Marker set by modify-ipt-gateway.yml (allow_to_ext_service)"
when:
- main_ipv4_exists.stat.exists
- allow_to_ext_service_ipv4_present is changed
- name: Check if String 'allow_to_ext_service..' (IPv6) is present
shell: grep -q -E "^allow_to_ext_service=" /etc/ipt-firewall/main_ipv6.conf
register: allow_to_ext_service_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "allow_to_ext_service_ipv6_present.rc > 1"
changed_when: "allow_to_ext_service_ipv6_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (allow_to_ext_service)
blockinfile:
path: /etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*allow_local_net_to_ext_net'
block: |
# =============
# - Allow extern service
# =============
# - allow_to_ext_service
# -
# - Allow all traffic to given extern service
# -
# - allow_to_ext_service="<ext-ip,port,protocol> [ext-ip,port,protocol> [.."
# -
# - All traffic to the given (extern) service is allowed
# -
# - Example:
# - allow_to_ext_service="2a01:30:0:13:211:84ff:feb7:7f9c,3306,tcp
# - 2a01:30:0:13:211:84ff:feb7:7f9c,10194,tcp"
# -
# - Blank separated list
# -
allow_to_ext_service=""
# =============
# - Allow extern network
# =============
# - allow_to_ext_net
# -
# - Allow all traffic to given extern network
# -
# - allow_to_ext_net="<local-net,ext-net> [<local-net,ext-net> [.."
# -
# - All traffic from the given (local) network to the given (extern) network is allowed
# -
# - Example:
# - allow_to_ext_net="2a01:30:0:13:211:84ff:feb7:7f9c/64
# - 2001:678:a40:3000::/64"
# -
# - Blank separated list
# -
allow_to_ext_net=""
marker: "# Marker set by modify-ipt-gateway.yml (allow_to_ext_service)"
when:
- main_ipv6_exists.stat.exists
- allow_to_ext_service_ipv6_present is changed
# ---
# Epson Network Scanner