
- /etc/ferm/ferm.d
- /etc/ferm/input.d
- /etc/ferm/output.d
- /etc/ferm/forward.d
file:
path: "{{ item }}"
state: directory

# Writes the caller-supplied global ferm settings verbatim into ferm.d.
# The task is skipped when ferm_global_settings is undefined or empty;
# `default(false)` turns an undefined variable into a skip rather than an error.
# NOTE(review): the content is copied as-is with no validation, and no
# mode/owner or notify is set here — confirm that a handler elsewhere reloads
# ferm once this fragment changes.
- name: global
  copy:
    dest: "/etc/ferm/ferm.d/{{ ferm_rules_filename }}.conf"
    content: "{{ ferm_global_settings }}"
  when: ferm_global_settings | default(false)
# Renders the input.d fragment (presumably included into the INPUT chain by
# the main ferm.conf — confirm): one ferm rule per entry of ferm_input_rules,
# written as "<matches> <POLICY>;" with the policy defaulting to ACCEPT.
# Each match clause is emitted only when its key is defined and truthy, and
# the one-line-per-rule layout relies on Ansible's Jinja trim_blocks dropping
# the newline after every `{% endif %}`.
# saddr/daddr/proto/dport/sport go through join(' '), so they are expected to
# be lists — a plain string would be split into single characters; verify
# against the role defaults.
# NOTE(review): a rule with none of the match keys set (e.g. a misspelled
# key) renders as a bare "ACCEPT;", which ferm applies to every packet in the
# enclosing chain; an assert on each rule's keys before this task would catch
# that before it becomes an accept-all rule.
# NOTE(review): rule.policy is upper-cased but not validated, and the copy
# sets no mode/owner and has no notify — confirm a handler elsewhere reloads
# ferm when this fragment changes.  The same template is repeated for the
# output and forward tasks; a shared template file would keep them in sync.
- name: input
  when: ferm_input_rules | length > 0
  copy:
    dest: /etc/ferm/input.d/{{ ferm_rules_filename }}.conf
    content: |
      {% for rule in ferm_input_rules %}
      {% if rule.mod is defined and rule.mod %}mod {{ rule.mod }} {% endif %}
      {% if rule.helper is defined and rule.helper %}helper {{ rule.helper }} {% endif %}
      {% if rule.saddr is defined and rule.saddr %}saddr @ipfilter(({{ rule.saddr | join(' ') }})) {% endif %}
      {% if rule.daddr is defined and rule.daddr %}daddr @ipfilter(({{ rule.daddr | join(' ') }})) {% endif %}
      {% if rule.proto is defined and rule.proto %}proto ({{ rule.proto | join(' ') }}) {% endif %}
      {% if rule.dport is defined and rule.dport %}dport ({{ rule.dport | join(' ') }}) {% endif %}
      {% if rule.sport is defined and rule.sport %}sport ({{ rule.sport | join(' ') }}) {% endif %}
      {% if rule.policy is defined and rule.policy %}{{ rule.policy | upper }}{% else %}ACCEPT{% endif %};
      {% endfor %}
# Renders the output.d fragment (presumably included into the OUTPUT chain by
# the main ferm.conf — confirm) from ferm_output_rules, one rule per entry as
# "<matches> <POLICY>;", policy defaulting to ACCEPT.  Same rendering rules as
# the input task: each clause is optional, list-valued keys are space-joined
# (a plain string would be split into characters — verify the role defaults),
# and one-line-per-rule relies on Jinja trim_blocks.
# NOTE(review): an entry with no match keys renders as a bare "ACCEPT;" that
# ferm applies to every packet in the chain; rule.policy is not validated; no
# mode/owner or notify is set on the copied file.
- name: output
  when: ferm_output_rules | length > 0
  copy:
    dest: /etc/ferm/output.d/{{ ferm_rules_filename }}.conf
    content: |
      {% for rule in ferm_output_rules %}
      {% if rule.mod is defined and rule.mod %}mod {{ rule.mod }} {% endif %}
      {% if rule.helper is defined and rule.helper %}helper {{ rule.helper }} {% endif %}
      {% if rule.saddr is defined and rule.saddr %}saddr @ipfilter(({{ rule.saddr | join(' ') }})) {% endif %}
      {% if rule.daddr is defined and rule.daddr %}daddr @ipfilter(({{ rule.daddr | join(' ') }})) {% endif %}
      {% if rule.proto is defined and rule.proto %}proto ({{ rule.proto | join(' ') }}) {% endif %}
      {% if rule.dport is defined and rule.dport %}dport ({{ rule.dport | join(' ') }}) {% endif %}
      {% if rule.sport is defined and rule.sport %}sport ({{ rule.sport | join(' ') }}) {% endif %}
      {% if rule.policy is defined and rule.policy %}{{ rule.policy | upper }}{% else %}ACCEPT{% endif %};
      {% endfor %}
# Renders the forward.d fragment (presumably included into the FORWARD chain
# by the main ferm.conf — confirm) from ferm_forward_rules, one rule per entry
# as "<matches> <POLICY>;", policy defaulting to ACCEPT.  Same rendering rules
# as the input task: each clause is optional, list-valued keys are
# space-joined (a plain string would be split into characters — verify the
# role defaults), and one-line-per-rule relies on Jinja trim_blocks.
# NOTE(review): an entry with no match keys renders as a bare "ACCEPT;" that
# ferm applies to every forwarded packet; rule.policy is not validated; no
# mode/owner or notify is set on the copied file.
- name: forward
  when: ferm_forward_rules | length > 0
  copy:
    dest: /etc/ferm/forward.d/{{ ferm_rules_filename }}.conf
    content: |
      {% for rule in ferm_forward_rules %}
      {% if rule.mod is defined and rule.mod %}mod {{ rule.mod }} {% endif %}
      {% if rule.helper is defined and rule.helper %}helper {{ rule.helper }} {% endif %}
      {% if rule.saddr is defined and rule.saddr %}saddr @ipfilter(({{ rule.saddr | join(' ') }})) {% endif %}
      {% if rule.daddr is defined and rule.daddr %}daddr @ipfilter(({{ rule.daddr | join(' ') }})) {% endif %}
      {% if rule.proto is defined and rule.proto %}proto ({{ rule.proto | join(' ') }}) {% endif %}
      {% if rule.dport is defined and rule.dport %}dport ({{ rule.dport | join(' ') }}) {% endif %}
      {% if rule.sport is defined and rule.sport %}sport ({{ rule.sport | join(' ') }}) {% endif %}
      {% if rule.policy is defined and rule.policy %}{{ rule.policy | upper }}{% else %}ACCEPT{% endif %};
      {% endfor %}