ferm
Ferm / iptables management
This role manages iptables using the ferm script.
Because it is very hard to write a generic iptables template, this role only copies user-defined ferm config snippets to the server and generates the iptables ruleset from them with ferm.
Requirements
- ansible: 2.1
- Redhat/CentOS: EPEL
- Ubuntu: multiverse repository
Role Variables
OS based variables
Some variables depend on the OS. These variables are located in the vars/os-<OS>.yml files.
Generic Variables
ferm_directory
: ferm configuration directory, defaults to /etc/ferm
ferm_service_state
: whether the ferm service should be started
ferm_service_enabled
: whether the ferm service should be enabled in the boot sequence
Firewall rules
ferm_rules_directory
: where to look for the firewall rules files, defaults to the playbook templates directory
ferm_net_mngt
: list of management networks, defaults to allow any
ferm_domains
: which IP versions to generate rules for, defaults to IPv4 and IPv6
ferm_rules
: list of rules to apply, defaults to allow only SSH and ICMP
The rules are generated by the templating engine together with the ferm engine, for both IPv4 and IPv6. Writing the rules themselves is still your job, but you have them fully under control.
Example
host/group variables
```yaml
# the Jinja expression must be quoted, otherwise YAML parses "{{" as a flow mapping
ferm_rules_directory: "{{ playbook_dir }}/files/ferm"
ferm_rules:
  - vars
  - default_rules
  - connection_tracking
  - input_icmp
  - managment
  - service_zabbix-agent
```
In this case you should create the following files:
{{ playbook_dir }}/files/ferm/rules/vars.conf.j2
{{ playbook_dir }}/files/ferm/rules/default_rules.conf.j2
...
You should override ferm_rules in group_vars or host_vars for each group or server as needed.
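The page lists the snippet files but does not show what goes inside one. The template below is an added example of what a rules file such as {{ playbook_dir }}/files/ferm/rules/default_rules.conf.j2 could contain; it is not code from the role. It assumes that ferm_domains is a list of ferm domain keywords (ip, ip6) and that ferm_net_mngt is a list of CIDR networks, and that each name in ferm_rules is rendered into a ferm config file in list order. The networks in the comment are constructed sample values.

```jinja
{# Added example for a ferm rules snippet; hypothetical, not part of the hudecof.ferm role. #}
{# Assumed variables (constructed sample values):
     ferm_domains:  [ip, ip6]
     ferm_net_mngt: ['192.0.2.0/24', '2001:db8::/32']                              #}
{% for domain in ferm_domains %}
domain {{ domain }} table filter {
    chain INPUT {
        # default deny: anything not explicitly accepted below is dropped
        policy DROP;

        # connection tracking: drop invalid packets, keep established flows
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;

        # loopback is always allowed
        interface lo ACCEPT;

        # ICMP has a different protocol name per address family
        {% if domain == 'ip6' %}
        proto ipv6-icmp ACCEPT;
        {% else %}
        proto icmp ACCEPT;
        {% endif %}

        # SSH only from the management networks of the matching address family
        # (IPv6 networks contain a colon, IPv4 networks do not)
        {% for net in ferm_net_mngt if (domain == 'ip6') == (':' in net) %}
        saddr {{ net }} proto tcp dport ssh ACCEPT;
        {% endfor %}
    }

    # outbound traffic is unrestricted; this host does not route
    chain OUTPUT policy ACCEPT;
    chain FORWARD policy DROP;
}
{% endfor %}
```

Before letting the role apply a new ruleset, the generated file can be checked with `ferm --noexec --lines /etc/ferm/ferm.conf`, which parses the configuration and prints the iptables commands it would run without touching the kernel; `ferm --interactive` applies the rules but reverts them if you cannot confirm within the timeout, which protects a remote session when the management networks are wrong.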
playbook
For example, with the ferm variables set in your group_vars/all, the playbook could be:
```yaml
- hosts: ferm
  roles:
    - hudecof.ferm
```
Dependencies
None
License
BSD
Author Information
Peter Hudec
Install
```shell
ansible-galaxy install hudecof/ansible_ferm
```