.
This commit is contained in:
Jonas Forsberg
@@ -13,7 +13,7 @@ Configure firewalld for external interface:
|
||||
- prune_interfaces: True
|
||||
- prune_sources: True
|
||||
- interfaces:
|
||||
- {{ pillar['network']['interface']['external'] }}
|
||||
- {{ pillar['network']['external'] }}
|
||||
- services:
|
||||
- ssh
|
||||
- wireguard
|
||||
@@ -26,12 +26,12 @@ Configure firewalld for internal network:
|
||||
- prune_interfaces: True
|
||||
- prune_sources: True
|
||||
- interfaces:
|
||||
- {{ pillar['network']['interface']['internal'] }}
|
||||
- {{ pillar['network']['interface'] }}
|
||||
- {{ pillar['wireguard']['iface'] }}
|
||||
- {{ pillar['network']['interface']['wireless'] }}
|
||||
- {{ pillar['network']['interface']['bridge'] }}
|
||||
- {{ pillar['network']['wireless'] }}
|
||||
- {{ pillar['network']['bridge'] }}
|
||||
- sources:
|
||||
- {{ pillar['network']['netaddress'] }}/{{ pillar['network']['netmask'] }}
|
||||
- {{ pillar['network']['ip'][0:-1] }}0/24
|
||||
- services:
|
||||
- ssh
|
||||
- dhcp
|
||||
@@ -41,7 +41,7 @@ Configure firewalld for internal network:
|
||||
- dns
|
||||
- ntp
|
||||
|
||||
Configure firewalld for vlan networks:
|
||||
Configure firewalld for public networks:
|
||||
firewalld.present:
|
||||
- name: public
|
||||
- prune_ports: True
|
||||
@@ -50,13 +50,46 @@ Configure firewalld for vlan networks:
|
||||
- prune_sources: True
|
||||
- interfaces:
|
||||
{% for vlan in pillar['network']['vlan'] -%}
|
||||
{% if vlan['zone'] == 'public' -%}
|
||||
- vlan.{{ vlan['id'] }}
|
||||
{% endif -%}
|
||||
{% endfor %}
|
||||
- sources:
|
||||
{% for vlan in pillar['network']['vlan'] -%}
|
||||
{% set ip = vlan['address'] -%}
|
||||
{% set netmask = vlan['netmask'] -%}
|
||||
- {{ ip[0:-1] }}0/{{ netmask }}
|
||||
{% if vlan['zone'] == 'public' -%}
|
||||
- {{ ip[0:-1] }}0/24
|
||||
{% endif -%}
|
||||
{% endfor %}
|
||||
- services:
|
||||
- ssh
|
||||
- dhcp
|
||||
- tftp
|
||||
- http
|
||||
- https
|
||||
- dns
|
||||
- ntp
|
||||
|
||||
|
||||
Configure firewalld for airgap networks:
|
||||
firewalld.present:
|
||||
- name: airgap
|
||||
- prune_ports: True
|
||||
- prune_services: True
|
||||
- prune_interfaces: True
|
||||
- prune_sources: True
|
||||
- interfaces:
|
||||
{% for vlan in pillar['network']['vlan'] -%}
|
||||
{% if vlan['zone'] == 'airgap' -%}
|
||||
- vlan.{{ vlan['id'] }}
|
||||
{% endif -%}
|
||||
{% endfor %}
|
||||
- sources:
|
||||
{% for vlan in pillar['network']['vlan'] -%}
|
||||
{% set ip = vlan['address'] -%}
|
||||
{% if vlan['zone'] == 'airgap' -%}
|
||||
- {{ ip[0:-1] }}0/24
|
||||
{% endif -%}
|
||||
{% endfor %}
|
||||
- services:
|
||||
- ssh
|
||||
|
||||
Reference in New Issue
Block a user