pi3r1k / ansible-role-shorewall Goto Github PK

View Code? Open in Web Editor NEW

[READ-ONLY] Ansible role dealing with the setup of Shorewall

Makefile 85.10% Python 14.90%

ansible-role-shorewall's Introduction

Ansible Role: Shorewall

❗ Report issues and send Pull Requests in the main Ansible Role repository ❗

This role will assume the setup of Shorewall.

It's part of the Manala Ansible stack but can be used as a stand alone component.

Requirements

None.

Dependencies

None.

Installation

Ansible 2+

Using ansible galaxy cli:

ansible-galaxy install manala.shorewall

Using ansible galaxy requirements file:

- src: manala.shorewall

Role Handlers

Name	Type	Description
`shorewall restart`	Service	Restart shorewall

Role Variables

Name	Default	Type	Description
`manala_shorewall_install_packages`	~	Array	Dependency packages to install
`manala_shorewall_install_packages_default`	['shorewall']	Array	Default dependency packages to install
`manala_shorewall_config_file`	'/etc/shorewall/shorewall.conf'	String	Main configuration file path
`manala_shorewall_config`	[]	Array	Main configuration directives
`manala_shorewall_configs_dir`	'/etc/shorewall'	String	Additional configurations directory path
`manala_shorewall_configs`	[]	Array	Additional configurations directives (zones, rules, interfaces, ...)

Configuration examples (See Shorewall documentation for further informations)

manala_shorewall_configs:
  - file: policy
    config:
      # FW to internet
      - fw:  all ACCEPT
      # Default rule DROP
      - net: all DROP   info
      - dmz: all DROP   info
      # Must be last
      - all: all REJECT info
  - file: masq
    config:
      - eth1: 172.16.0.0/24
  - file: interfaces
    config:
      - dmz: eth0 detect tcpflags,blacklist,bridge,nosmurfs
      - net: eth1 detect tcpflags,blacklist,bridge,nosmurfs
  - file: zones
    config:
      - net: ipv4
      - dmz: ipv4
      - fw:  firewall
  - file: rules
    config:
      # Permit access to SSH
      - SSH/ACCEPT:   net               fw               -   -              - -
      # Permit access to HTTP(S)
      - ACCEPT:       net               fw               tcp 80,443         - -
      # Dmz
      - ACCEPT:       dmz:172.16.0.0/24 net,fw           -   -              - -
      # Ping
      - Ping(ACCEPT): all

Example playbook

- hosts: servers
  roles:
    - { role: manala.shorewall }

Licence

MIT

Author information

Manala (http://www.manala.io/)

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.

Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

TensorFlow

An Open Source Machine Learning Framework for Everyone

Django

The Web framework for perfectionists with deadlines.

Laravel

A PHP framework for web artisans

D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

web

Some thing interesting about web. New door for the world.

server

A server is a program made to process requests and deliver data to clients.

Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

Visualization

Some thing interesting about visualization, use data art

Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.

Microsoft

Open source projects and samples from Microsoft.

Google

Google ❤️ Open Source for everyone.

Alibaba

Alibaba Open Source for everyone

D3

Data-Driven Documents codes.

Tencent

China tencent open source team.