source: MondoRescue/branches/3.3/ansible/roles/shorewall/defaults/main.yml@ 3667

Last change on this file since 3667 was 3667, checked in by Bruno Cornec, 7 years ago

Many updates to MR setup

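---
# Defaults for the shorewall role: zones, interfaces, default policies and
# the per-section rule list. How these values are rendered into the Shorewall
# configuration is decided by the role's tasks/templates, which are not part
# of this file.
#
# Templated entries below reference `smtp`, `dns1` and `dns2`; none of them is
# defined here, so they must be supplied by inventory or group/host vars.

# Quoted string on purpose (presumably mirrors Shorewall's own Yes/No style).
# NOTE(review): if the role tests this with a bare `when: shorewall_enabled`,
# any non-empty string -- including "No" -- is truthy; confirm how it is used.
shorewall_enabled: "Yes"

shorewall_zones:
  - zone: "fw"
    type: "firewall"
  - zone: "net"
    type: "ipv4"

shorewall_interfaces:
  - interface: "enp2s0f0"
    zone: "net"
    broadcast: "detect"
    # tcpflags/nosmurfs/logmartians reject malformed and spoofed packets early.
    options: "dhcp,tcpflags,nosmurfs,logmartians"

# Default-deny in both directions: traffic not matched in shorewall_rules is
# silently dropped from net->fw and rejected (with logging) everywhere else.
shorewall_policies:
  - source: "fw"
    destination: "net"
    policy: "REJECT"
    log_level: "info"
  - source: "net"
    destination: "fw"
    policy: "DROP"
  - source: "all"
    destination: "all"
    policy: "REJECT"
    log_level: "info"

# Each rule is a fixed five-column record, so the one-line flow mappings are
# kept deliberately: they read as table rows. Ports are integers; every other
# column is a quoted string, matching the quoting used in the sections above.
shorewall_rules:
  - section: "NEW"
    rules:
      # Incoming SSH
      - { action: "ACCEPT", source: "net", destination: "fw", protocol: "tcp", destination_port: 22 }
      # Incoming HTTP
      - { action: "ACCEPT", source: "net", destination: "fw", protocol: "tcp", destination_port: 80 }
      # Incoming RSYNC
      # NOTE(review): open to all of "net"; if only known peers sync, narrow
      # the source the same way the SMTP rule does ("net:<host>").
      - { action: "ACCEPT", source: "net", destination: "fw", protocol: "tcp", destination_port: 873 }
      # Incoming SVN
      - { action: "ACCEPT", source: "net", destination: "fw", protocol: "tcp", destination_port: 3690 }
      # Incoming FTP
      # NOTE(review): in active mode the server originates the tcp/20 data
      # connection itself, so an inbound accept on 20 is normally not needed;
      # passive mode relies on the FTP conntrack helper and a PASV port range
      # instead. Confirm against the FTP server setup before changing.
      - { action: "ACCEPT", source: "net", destination: "fw", protocol: "tcp", destination_port: 20 }
      - { action: "ACCEPT", source: "net", destination: "fw", protocol: "tcp", destination_port: 21 }
      # Incoming SMTP -- restricted to the relay named by the `smtp` variable.
      - { action: "ACCEPT", source: "net:{{ smtp }}", destination: "fw", protocol: "tcp", destination_port: 25 }
      # Incoming NTP
      # NOTE(review): NTP runs over UDP/123; the tcp/123 entries here and in
      # the outgoing section are probably unnecessary -- confirm before removing.
      - { action: "ACCEPT", source: "net", destination: "fw", protocol: "tcp", destination_port: 123 }
      - { action: "ACCEPT", source: "net", destination: "fw", protocol: "udp", destination_port: 123 }
      # Incoming PING -- for icmp the port column carries the ICMP type
      # (8 = echo-request).
      - { action: "ACCEPT", source: "net", destination: "fw", protocol: "icmp", destination_port: 8 }
      # Outgoing NTP (see the note on the incoming NTP rules)
      - { action: "ACCEPT", source: "fw", destination: "net", protocol: "tcp", destination_port: 123 }
      - { action: "ACCEPT", source: "fw", destination: "net", protocol: "udp", destination_port: 123 }
      # Outgoing DNS -- only to the two configured resolvers, udp and tcp.
      - { action: "ACCEPT", source: "fw", destination: "net:{{ dns1 }}", protocol: "udp", destination_port: 53 }
      - { action: "ACCEPT", source: "fw", destination: "net:{{ dns2 }}", protocol: "udp", destination_port: 53 }
      - { action: "ACCEPT", source: "fw", destination: "net:{{ dns1 }}", protocol: "tcp", destination_port: 53 }
      - { action: "ACCEPT", source: "fw", destination: "net:{{ dns2 }}", protocol: "tcp", destination_port: 53 }
      # Outgoing HTTP/S
      - { action: "ACCEPT", source: "fw", destination: "net", protocol: "tcp", destination_port: 80 }
      - { action: "ACCEPT", source: "fw", destination: "net", protocol: "tcp", destination_port: 443 }
      # Outgoing SPAM
      # TODO(review): the service behind tcp/9999 is not documented here.
      - { action: "ACCEPT", source: "fw", destination: "net", protocol: "tcp", destination_port: 9999 }
      # Outgoing SMTP -- only to the relay named by the `smtp` variable.
      - { action: "ACCEPT", source: "fw", destination: "net:{{ smtp }}", protocol: "tcp", destination_port: 25 }
      # Outgoing SSH
      - { action: "ACCEPT", source: "fw", destination: "net", protocol: "tcp", destination_port: 22 }
      # Outgoing PING (ICMP type 8, echo-request)
      - { action: "ACCEPT", source: "fw", destination: "net", protocol: "icmp", destination_port: 8 }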