# Zone "external": the firewalld zone bound to the outward-facing interface.
# With the three prune_* flags set, ports, services and interfaces that are not
# listed in this state are removed from the zone. No ports are listed, so SSH
# ends up as the only service the zone allows.
# NOTE(review): prune_sources and prune_rich_rules are not set here; whether
# sources or rich rules added out of band survive a run depends on the module
# defaults - confirm.
Configure firewalld for external interface:
  firewalld.present:
    - name: external
    # Masquerade (source NAT) traffic that leaves through this zone.
    - masquerade: True
    - prune_ports: True
    - prune_services: True
    - prune_interfaces: True
    # Interface name comes from pillar key network:interface:external.
    - interfaces:
      - {{ pillar['network']['interface']['external'] }}
    # NOTE(review): SSH is the one service reachable on the external interface.
    # Confirm sshd is hardened (key-only logins, no root login), or limit access
    # by source address.
    - services:
      - ssh
# Zone "internal": the firewalld zone for the internal interface and one
# interface per VLAN defined in pillar. The prune_* flags remove ports, services
# and interfaces that are not listed in this state.
# NOTE(review): prune_sources and prune_rich_rules are not set here; whether
# sources or rich rules added out of band survive a run depends on the module
# defaults - confirm.
Configure firewalld for internal networks:
  firewalld.present:
    - name: internal
    - prune_ports: True
    - prune_services: True
    - prune_interfaces: True
    # Interface name comes from pillar key network:interface:internal, followed by
    # one "vlan.<id>" entry per item of pillar key network:vlan.
    # The for tag trims the whitespace that follows it, so the indent in front of
    # the for/endfor tags becomes the indent of each rendered list item. Keep both
    # tags aligned with the list entries and put nothing between the for tag and
    # the item line.
    - interfaces:
      - {{ pillar['network']['interface']['internal'] }}
      {% for vlan in pillar['network']['vlan'] -%}
      - vlan.{{ vlan['id'] }}
      {% endfor %}
    # NOTE(review): the same service set is opened on the internal interface and
    # on every VLAN interface. tftp and plain http carry no authentication or
    # encryption; presumably this host provisions machines on these networks -
    # confirm that each service is needed on every listed interface.
    - services:
      - ssh
      - dhcp
      - tftp
      - http
      - https
      - dns
      - ntp