Report issues and send Pull Requests in the main Ansible Role repository
This role handles the setup of Shorewall.
It's part of the Manala Ansible stack but can be used as a standalone component.
None.
None.
Using ansible galaxy cli:

```bash
ansible-galaxy install manala.shorewall
```

Using ansible galaxy requirements file:

```yaml
- src: manala.shorewall
```

Name | Type | Description |
---|---|---|
shorewall restart | Service | Restart shorewall |

Name | Default | Type | Description |
---|---|---|---|
manala_shorewall_install_packages | ~ | Array | Dependency packages to install |
manala_shorewall_install_packages_default | ['shorewall'] | Array | Default dependency packages to install |
manala_shorewall_config_file | '/etc/shorewall/shorewall.conf' | String | Main configuration file path |
manala_shorewall_config | [] | Array | Main configuration directives |
manala_shorewall_configs_dir | '/etc/shorewall' | String | Additional configurations directory path |
manala_shorewall_configs | [] | Array | Additional configurations directives (zones, rules, interfaces, ...) |

Configuration examples (see the Shorewall documentation for further information):

```yaml
manala_shorewall_configs:
  - file: policy
    config:
      # FW to internet
      - fw: all ACCEPT
      # Default rule DROP
      - net: all DROP info
      - dmz: all DROP info
      # Must be last
      - all: all REJECT info
  - file: masq
    config:
      - eth1: 172.16.0.0/24
  - file: interfaces
    config:
      - dmz: eth0 detect tcpflags,blacklist,bridge,nosmurfs
      - net: eth1 detect tcpflags,blacklist,bridge,nosmurfs
  - file: zones
    config:
      - net: ipv4
      - dmz: ipv4
      - fw: firewall
  - file: rules
    config:
      # Permit access to SSH
      - SSH/ACCEPT: net fw - - - -
      # Permit access to HTTP(S)
      - ACCEPT: net fw tcp 80,443 - -
      # Dmz
      - ACCEPT: dmz:172.16.0.0/24 net,fw - - - -
      # Ping
      - Ping(ACCEPT): all
```
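
The `policy` entries above are order-sensitive: Shorewall applies the first entry whose source/destination pair matches, which is why the catch-all is marked "Must be last". The following Python check is an added example, not part of the role; `lint_policy` and its helpers are hypothetical names, and the sample list is constructed to mirror how Ansible loads the `policy` block above. It flags entries shadowed by an earlier, broader one and a missing or permissive catch-all.

```python
# Constructed sample: the page's policy entries as a list of single-key
# dicts (SOURCE -> "DEST POLICY [LOGLEVEL]"), as Ansible would load them.
POLICY = [
    {"fw": "all ACCEPT"},
    {"net": "all DROP info"},
    {"dmz": "all DROP info"},
    {"all": "all REJECT info"},
]


def parse_policy(entries):
    """Return (source, dest, policy) tuples for each policy entry."""
    parsed = []
    for entry in entries:
        (source, rest), = entry.items()
        fields = str(rest).split()
        if len(fields) < 2:
            raise ValueError(f"entry for {source!r} needs DEST and POLICY")
        parsed.append((source, fields[0], fields[1].upper()))
    return parsed


def covers(general, specific):
    """'all' matches any zone; otherwise zone names must be equal."""
    return general == "all" or general == specific


def lint_policy(entries):
    """Return a list of findings; an empty list means the order is sound."""
    parsed = parse_policy(entries)
    findings = []
    for i, (src, dst, pol) in enumerate(parsed):
        for j, (psrc, pdst, ppol) in enumerate(parsed[:i]):
            # An earlier entry matching the same pair wins: this one never applies.
            if covers(psrc, src) and covers(pdst, dst):
                findings.append(
                    f"entry {i + 1} ({src}->{dst} {pol}) is shadowed by "
                    f"entry {j + 1} ({psrc}->{pdst} {ppol})")
                break
    if not parsed or parsed[-1][:2] != ("all", "all"):
        findings.append("last entry is not the 'all all' catch-all")
    elif parsed[-1][2] == "ACCEPT":
        findings.append("catch-all policy is ACCEPT")
    return findings


if __name__ == "__main__":
    for finding in lint_policy(POLICY) or ["policy order OK"]:
        print(finding)
```
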

```yaml
- hosts: servers
  roles:
    - { role: manala.shorewall }
```

MIT
Manala (http://www.manala.io/)