Context Navigation

← Previous Change
Next Change →

shorewall

Timestamp:

Oct 12, 2017, 12:57:53 AM (8 years ago)

Author:

Bruno Cornec

Message:

Adds docker fw configuration for MR machine

Location:

branches/3.3/ansible/roles/shorewall

Files:

: 1 added
: 2 edited

Legend:

: Unmodified
: Added
: Removed

branches/3.3/ansible/roles/shorewall/defaults/main.yml

-              r3667
+              r3694
 - zone: "net"
   type: "ipv4"
+- zone: "dock"
+  type: "ipv4"
 shorewall_interfaces:
 …
   broadcast: "detect"
   options: "dhcp,tcpflags,nosmurfs,logmartians"
+- interface: "docker0"
+  zone: "dock"
+  broadcast: "detect"
+  #options: "dhcp,tcpflags,nosmurfs,logmartians"
 shorewall_policies:
 …
   policy: "REJECT"
   log_level: "info"
+shorewall_masq:
+- interface: "enp2s0f0"
+  source: "172.17.0.0/16"
 shorewall_rules:
 …
   - { action: ACCEPT, source: fw, destination: "net:{{ dns1 }}", protocol: tcp, destination_port: 53 }
   - { action: ACCEPT, source: fw, destination: "net:{{ dns2 }}", protocol: tcp, destination_port: 53 }
+  - { action: ACCEPT, source: dock, destination: "net:{{ dns1 }}", protocol: udp, destination_port: 53 }
+  - { action: ACCEPT, source: dock, destination: "net:{{ dns2 }}", protocol: udp, destination_port: 53 }
+  - { action: ACCEPT, source: dock, destination: "net:{{ dns1 }}", protocol: tcp, destination_port: 53 }
+  - { action: ACCEPT, source: dock, destination: "net:{{ dns2 }}", protocol: tcp, destination_port: 53 }
   # Outgoing HTTP/S
   - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 80 }
   - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 443}
+  - { action: ACCEPT, source: dock, destination: net, protocol: tcp, destination_port: 80 }
+  - { action: ACCEPT, source: dock, destination: net, protocol: tcp, destination_port: 443}
   # Outgoing SPAM
   - { action: ACCEPT, source: fw, destination: net, protocol: tcp, destination_port: 9999 }
 …
   # Outgoing PING
   - { action: ACCEPT, source: fw, destination: net, protocol: icmp, destination_port: 8 }
+  - { action: ACCEPT, source: dock, destination: net, protocol: icmp, destination_port: 8 }

branches/3.3/ansible/roles/shorewall/tasks/main.yml

-              r3655
+              r3694
   template: src=policy.j2 dest=/etc/shorewall/policy owner=root group=root mode=0600 backup=yes
+- name: Generate masq
+  template: src=masq.j2 dest=/etc/shorewall/masq owner=root group=root mode=0600 backup=yes
 - name: Generate rules
   template: src=rules.j2 dest=/etc/shorewall/rules owner=root group=root mode=0600 backup=yes

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 3694 in MondoRescue for branches/3.3/ansible/roles/shorewall

Legend:

branches/3.3/ansible/roles/shorewall/defaults/main.yml

branches/3.3/ansible/roles/shorewall/tasks/main.yml

Download in other formats: