source: branches/3.3/ansible/roles/shorewall/defaults/main.yml @ 3656

Last change on this file since 3656 was 3656, checked in by bruno, 2 years ago

More services up and running for the MondoRescue server

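---
# Defaults for the shorewall role: the zones, interfaces, policies and rules
# that the role renders into the Shorewall configuration. Override any of
# them per host or group; these values describe a single public host.

# Deliberately a quoted string, not a YAML boolean: the role's tasks consume
# this value, so normalise it with `| bool` before using it in a `when`.
shorewall_enabled: "Yes"

# Zones: "fw" is the firewall host itself, "net" is the untrusted side.
shorewall_zones:
- zone: "fw"
  type: "firewall"
- zone: "net"
  type: "ipv4"

# The single public interface. The option flags are passed through to the
# Shorewall interfaces file; tcpflags/nosmurfs/logmartians enable inbound
# sanity checks (bad TCP flag combinations, smurf packets, martian sources).
shorewall_interfaces:
- interface: "enp2s0f0"
  zone: "net"
  broadcast: "detect"
  options: "dhcp,tcpflags,nosmurfs,logmartians"

# Default policies, consulted only when no rule below matches. Inbound
# net->fw is a silent DROP; everything else is REJECT with logging so that
# unexpected traffic shows up in the logs instead of vanishing.
shorewall_policies:
- source: "fw"
  destination: "net"
  policy: "REJECT"
  log_level: "info"
- source: "net"
  destination: "fw"
  policy: "DROP"
- source: "all"
  destination: "all"
  policy: "REJECT"
  log_level: "info"

# Explicit accept rules. One flow mapping per rule mirrors one line of the
# Shorewall rules file; fields not listed keep Shorewall's defaults. For
# protocol icmp, Shorewall reads destination_port as the ICMP type.
shorewall_rules:
- section: "NEW"
  rules:
  # Incoming SSH
  - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 22 }
  # Incoming HTTP
  - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 80 }
  # Incoming RSYNC (rsync daemon, unencrypted)
  - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 873 }
  # Incoming SVN (svnserve, unencrypted)
  - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 3690 }
  # Incoming FTP. 21 is the control port. 20 is the active-mode data port,
  # which the server opens *outbound*, so accepting inbound tcp/20 is probably
  # not needed — TODO confirm; passive mode needs the ftp helper and/or a
  # passive port range instead.
  - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 20 }
  - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 21 }
  # Incoming NTP. NTP runs over UDP only; the tcp/123 entries (here and in
  # the outgoing block) are likely unnecessary — TODO confirm before removing.
  - { action: ACCEPT, source: net, destination: fw, protocol: tcp, destination_port: 123 }
  - { action: ACCEPT, source: net, destination: fw, protocol: udp, destination_port: 123 }
  # Incoming PING (ICMP type 8 = echo-request)
  - { action: ACCEPT, source: net, destination: fw, protocol: icmp, destination_port: 8 }
  # Outgoing NTP
  - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 123 }
  - { action: ACCEPT, source: fw, destination: net, protocol: udp, destination_port: 123 }
  # Outgoing DNS, restricted to the two configured resolvers. dns1 and dns2
  # must be defined elsewhere (inventory or group_vars) or templating fails.
  - { action: ACCEPT, source: fw, destination: "net:{{ dns1 }}", protocol: udp, destination_port: 53 }
  - { action: ACCEPT, source: fw, destination: "net:{{ dns2 }}", protocol: udp, destination_port: 53 }
  - { action: ACCEPT, source: fw, destination: "net:{{ dns1 }}", protocol: tcp, destination_port: 53 }
  - { action: ACCEPT, source: fw, destination: "net:{{ dns2 }}", protocol: tcp, destination_port: 53 }
  # Outgoing HTTP/S
  - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 80 }
  - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 443 }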