---
# Per-protocol switches; presumably they decide whether the role manages the
# IPv4 (iptables) and IPv6 (ip6tables) rulesets at all - confirm in the tasks.
firewall_v4_configure: true
# NOTE(review): IPv6 filtering is off by default. IPv4 rules never match IPv6
# packets, so on a host with IPv6 connectivity every listening service stays
# reachable over IPv6 unless this is enabled or IPv6 is filtered elsewhere.
firewall_v6_configure: false
# iptables arguments that clear the current IPv4 ruleset: -F flushes every
# chain and -X deletes user-defined chains, first in the default (filter)
# table and then in raw, nat and mangle.
# NOTE(review): -F/-X do not reset chain policies. If INPUT is still DROP from
# an earlier run, traffic may be dropped between this flush and the point where
# the accept rules are back - depends on how the role applies them; confirm.
firewall_v4_flush_rules:
- -F
- -X
- -t raw -F
- -t raw -X
- -t nat -F
- -t nat -X
- -t mangle -F
- -t mangle -X
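# Baseline IPv4 ruleset: a mapping of named rule groups, each a list of
# iptables arguments. The numeric prefixes presumably fix the order in which
# the groups are applied - confirm against the role's template.
firewall_v4_default_rules:
  # INPUT starts as ACCEPT, presumably so existing sessions survive while the
  # remaining groups load; "999 drop everything" tightens it at the end.
  # Forwarding is denied outright.
  001 default policies:
  - -P INPUT ACCEPT
  - -P OUTPUT ACCEPT
  - -P FORWARD DROP
  # Accept loopback traffic only when both addresses are in 127.0.0.0/8.
  002 allow loopback:
  - -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
  # Despite the group name, the INPUT rule accepts echo-requests from any
  # source, i.e. the host answers pings. The OUTPUT rule has no effect while
  # the OUTPUT policy is ACCEPT.
  003 allow ping replies:
  - -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
  - -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
  # Return traffic for connections this host opened, plus related flows.
  100 allow established related:
  - -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # NOTE(review): SSH is accepted from any source address. Where the
  # management network is known, override this group with a "-s <CIDR>" match.
  200 allow ssh:
  - -A INPUT -p tcp --dport ssh -j ACCEPT
  # Default-deny for inbound traffic once every accept rule is in place.
  999 drop everything:
  - -P INPUT DROP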
# Empty by default. Presumably combined with firewall_v4_default_rules so that
# group_vars / host_vars can add rule groups or replace a default one by
# reusing its key - confirm the merge order in the role's tasks.
firewall_v4_group_rules: {}
firewall_v4_host_rules: {}
# ip6tables arguments that clear the current IPv6 ruleset: -F flushes every
# chain and -X deletes user-defined chains in the filter, raw, nat and mangle
# tables. Chain policies are not reset by -F/-X.
# NOTE(review): the IPv6 nat table needs kernel support (added in Linux 3.7);
# on hosts without it the two "-t nat" entries would presumably fail - confirm
# against the supported platforms.
firewall_v6_flush_rules:
- -F
- -X
- -t raw -F
- -t raw -X
- -t nat -F
- -t nat -X
- -t mangle -F
- -t mangle -X
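# Baseline IPv6 ruleset: a mapping of named rule groups, each a list of
# ip6tables arguments. Only used when firewall_v6_configure is enabled. The
# numeric prefixes presumably fix the order in which the groups are applied -
# confirm against the role's template.
firewall_v6_default_rules:
  # INPUT starts as ACCEPT, presumably so existing sessions survive while the
  # remaining groups load; "999 drop everything" tightens it at the end.
  001 default policies:
  - -P INPUT ACCEPT
  - -P OUTPUT ACCEPT
  - -P FORWARD DROP
  # Accept loopback traffic only between ::1 and ::1.
  002 allow loopback:
  - -A INPUT -i lo -s ::1/128 -d ::1/128 -j ACCEPT
  # Despite the group name, the INPUT rule accepts echo-requests from any
  # source. The OUTPUT rule has no effect while the OUTPUT policy is ACCEPT.
  003 allow ping replies:
  - -A INPUT -p icmpv6 --icmpv6-type echo-request -j ACCEPT
  - -A OUTPUT -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
  # IPv6 depends on Neighbor Discovery for address resolution. These ICMPv6
  # messages are not matched by the ESTABLISHED,RELATED rule (Linux leaves
  # them untracked), so without this group the final INPUT DROP policy would
  # cut the host off from its link. Hop limit 255 restricts them to on-link
  # senders (RFC 4890). Hosts with static routing can override this group to
  # drop the router-advertisement rule.
  004 allow neighbor discovery:
  - -A INPUT -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
  - -A INPUT -p icmpv6 --icmpv6-type neighbour-solicitation -m hl --hl-eq 255 -j ACCEPT
  - -A INPUT -p icmpv6 --icmpv6-type neighbour-advertisement -m hl --hl-eq 255 -j ACCEPT
  # Return traffic for connections this host opened, plus related flows.
  100 allow established related:
  - -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # NOTE(review): SSH is accepted from any source address. Where the
  # management network is known, override this group with a "-s <prefix>" match.
  200 allow ssh:
  - -A INPUT -p tcp --dport ssh -j ACCEPT
  # Default-deny for inbound traffic once every accept rule is in place.
  999 drop everything:
  - -P INPUT DROP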
# Empty by default. Presumably combined with firewall_v6_default_rules so that
# group_vars / host_vars can add rule groups or replace a default one by
# reusing its key - confirm the merge order in the role's tasks.
firewall_v6_group_rules: {}
firewall_v6_host_rules: {}