shorewall

Overview Versions Insights

#######################################################################################################

:exclamation: DEPRECATION :exclamation:

This repository and the role associated are deprecated in favor of the Manala Ansible Collection

You will find informations on its usage on the collection repository

#######################################################################################################

Ansible Role: Shorewall

:exclamation: Report issues and send Pull Requests in the main Ansible Role repository :exclamation:

This role will assume the setup of Shorewall.

It's part of the Manala Ansible stack but can be used as a stand alone component.

Requirements

None.

Dependencies

None.

Installation

Ansible 2+

Using ansible galaxy cli:

ansible-galaxy install manala.shorewall

Using ansible galaxy requirements file:

- src: manala.shorewall

Role Handlers

Name	Type	Description
`shorewall restart`	Service	Restart shorewall

Role Variables

Name	Default	Type	Description
`manala_shorewall_install_packages`	~	Array	Dependency packages to install
`manala_shorewall_install_packages_default`	['shorewall']	Array	Default dependency packages to install
`manala_shorewall_config_file`	'/etc/shorewall/shorewall.conf'	String	Main configuration file path
`manala_shorewall_config`	{}	Array	Main configuration directives
`manala_shorewall_configs_exclusive`	false	Boolean	Exclusion of existing files additional configurations
`manala_shorewall_configs_dir`	'/etc/shorewall'	String	Additional configurations directory path
`manala_shorewall_configs_defaults`	{}	Array	Additional configurations defaults
`manala_shorewall_configs`	[]	Array	Additional configurations directives (zones, rules, interfaces,...)

Configuration examples (See Shorewall documentation for further informations)

manala_shorewall_config:
  LOG_MARTIANS: "Yes"
  IP_FORWARDING: "On"

manala_shorewall_configs:
  # Content based
  - file: policy
    config: |
      # FW to internet
      fw  all ACCEPT
      # Default rule DROP
      net all DROP   info
      dmz all DROP   info
      # Must be last
      all all REJECT info
  # Template based (file name based on template)
  - template: policy.j2
    config:
      foo: bar
  # Template based (force file name)
  - file: policy
    template: policy_foo.j2
    config:
      foo: bar
  # Dicts array template based (deprecated)
  - file: policy
    config:
      # FW to internet
      - fw:  all ACCEPT
      # Default rule DROP
      - net: all DROP   info
      - dmz: all DROP   info
      # Must be last
      - all: all REJECT info
  # Ensure config is absent
  - file: policy
    state: absent # "present" by default
  # Ignore config
  - file: policy
    state: ignore
  # Flatten configs
  - "{{ my_custom_configs_array }}"

Example playbook

- hosts: servers
  roles:
    - role: manala.shorewall

Licence

MIT

Author information

Manala (http://www.manala.io/)

About

Handle shorewall

role network shorewall system

Install

ansible-galaxy install manala/ansible-role-shorewall

GitHub repository

1 stars

3 forks

0 open issues

License

Unknown

Downloads

1648

Owner

Manala

Manala is an open source project supported by the french web agency ELAO providing advanced ansible roles for website's infrastructures and far more.