shorewall

#######################################################################################################

DEPRECATION

This repository and the associated role are deprecated in favor of the Manala Ansible Collection.

You will find information on its usage in the collection repository.

#######################################################################################################

Ansible Role: Shorewall

Report issues and send Pull Requests in the main Ansible Role repository.

This role handles the setup of Shorewall.

It's part of the Manala Ansible stack but can be used as a standalone component.

Requirements

None.

Dependencies

None.

Installation

Ansible 2+

Using ansible galaxy cli:

ansible-galaxy install manala.shorewall

Using ansible galaxy requirements file:

- src: manala.shorewall

Role Handlers

| Name | Type | Description |
| --- | --- | --- |
| shorewall restart | Service | Restart shorewall |

Role Variables

| Name | Default | Type | Description |
| --- | --- | --- | --- |
| manala_shorewall_install_packages | ~ | Array | Dependency packages to install |
| manala_shorewall_install_packages_default | ['shorewall'] | Array | Default dependency packages to install |
| manala_shorewall_config_file | '/etc/shorewall/shorewall.conf' | String | Main configuration file path |
| manala_shorewall_config | {} | Array | Main configuration directives |
| manala_shorewall_configs_exclusive | false | Boolean | Exclusion of existing additional configuration files |
| manala_shorewall_configs_dir | '/etc/shorewall' | String | Additional configurations directory path |
| manala_shorewall_configs_defaults | {} | Array | Additional configurations defaults |
| manala_shorewall_configs | [] | Array | Additional configurations directives (zones, rules, interfaces, ...) |

Configuration examples (see the Shorewall documentation for further information)

manala_shorewall_config:
  LOG_MARTIANS: "Yes"
  IP_FORWARDING: "On"

manala_shorewall_configs:
  # Content based
  - file: policy
    config: |
      # FW to internet
      fw  all ACCEPT
      # Default rule DROP
      net all DROP   info
      dmz all DROP   info
      # Must be last
      all all REJECT info
  # Template based (file name based on template)
  - template: policy.j2
    config:
      foo: bar
  # Template based (force file name)
  - file: policy
    template: policy_foo.j2
    config:
      foo: bar
  # Dicts array template based (deprecated)
  - file: policy
    config:
      # FW to internet
      - fw:  all ACCEPT
      # Default rule DROP
      - net: all DROP   info
      - dmz: all DROP   info
      # Must be last
      - all: all REJECT info
  # Ensure config is absent
  - file: policy
    state: absent # "present" by default
  # Ignore config
  - file: policy
    state: ignore
  # Flatten configs
  - "{{ my_custom_configs_array }}"

Example playbook

- hosts: servers
  roles:
    - role: manala.shorewall
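
A fuller playbook for a single-interface host, given here as an added example and not taken from the role's own documentation: it combines the content-based `manala_shorewall_configs` entries shown above into a default-deny inbound policy that keeps SSH reachable, so applying the role over SSH does not cut off management access. Assumptions: the external interface is named `eth0`, the installed Shorewall release accepts `?FORMAT 2` in the interfaces file, and SSH listens on TCP port 22.

```yaml
- hosts: servers
  become: true
  vars:
    manala_shorewall_config:
      LOG_MARTIANS: "Yes"
    manala_shorewall_configs:
      # Zone names are referenced by every other file
      - file: zones
        config: |
          fw  firewall
          net ipv4
      # Assumption: eth0 is the only, internet-facing interface
      - file: interfaces
        config: |
          ?FORMAT 2
          net eth0 tcpflags,nosmurfs,routefilter
      # Outbound allowed, inbound dropped and logged, catch-all last
      - file: policy
        config: |
          fw  all ACCEPT
          net all DROP   info
          all all REJECT info
      # Explicit exception to the DROP policy for management access
      # Assumption: sshd listens on the default port 22
      - file: rules
        config: |
          ACCEPT net fw tcp 22
  roles:
    - role: manala.shorewall
```

Running `shorewall check` on the target validates the generated files without loading them into the running firewall.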

Licence

MIT

Author information

Manala (http://www.manala.io/)

Owner
Manala is an open source project supported by the French web agency ELAO, providing advanced Ansible roles for website infrastructures and far more.