Skip to content
This repository has been archived by the owner on Dec 15, 2020. It is now read-only.
/ ansible-firewall Public archive

Default deny simple firewall role for OpenBSD and Debian derivatives

License

BSD-2-Clause license
6 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ivaldi/ansible-firewall

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
files
files
 
 
handlers
handlers
 
 
tasks
tasks
 
 
templates
templates
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Ansible role to configure firewall rules

Use this role to configure pf on OpenBSD or iptables on Debian derived distributions. Only simple incoming rules are currently supported. The configuration defaults to denying all incoming connections.

Requirements

This role will work on OpenBSD and Debian derived systems.

Role Variables

Fill firewall_rules with an array of hashes to configure incoming rules. The hash supports the following variables:

  • allow whether this is an allow or deny rule, can be either true or false
  • proto will default to tcp but can also be udp or icmp for example
  • source list of source ip addresses that are allowed/denied
  • port the destination port on the server

Dependencies

None.

Example Playbook

The following playbook will allow all icmp traffic and will allow ssh access from 192.168.0.10.

- hosts: servers
  vars:
    firewall_rules:
      - proto: icmp
      - port: 22
        source:
          - 192.168.0.10
  roles:
     - ivaldi.firewall

License

BSD

Author Information

Developed by Frank Groeneveld for use by Ivaldi.

About

Default deny simple firewall role for OpenBSD and Debian derivatives

Resources

Readme

License

BSD-2-Clause license
Activity
Custom properties

Stars

6 stars

Watchers

6 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages