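# Render the static-address stanza for the LAN interface into interfaces.d.
# The "restart networking" handler only fires when the rendered file changed.
- name: add if_lan with static address
  template:
    src: interfaces-static.j2
    dest: /etc/network/interfaces.d/static
    # Quoted: a bare 0644 is an octal literal to YAML 1.1 parsers (420) but a
    # decimal to YAML 1.2 parsers, so the string form is the only portable one.
    mode: "0644"
  notify: restart networking
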
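# Install shorewall from the distribution repositories. `state: latest` means
# every run may upgrade the package; the noqa marker shows that is deliberate.
- name: install shorewall packages
  apt:
    name: shorewall
    state: latest  # noqa package-latest
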
# Seed /etc/shorewall/ from the distribution's two-interface example. A file is
# copied only while it is still absent (`creates`), so the interface-name and
# policy edits that later tasks apply to these files are not reset on re-runs.
- name: copy shorewall configuration
  command: cp {{ item }} /etc/shorewall/
  args:
    creates: '/etc/shorewall/{{ item }}'
    chdir: /usr/share/doc/shorewall/examples/two-interfaces/
  with_items:
    - interfaces
    - snat
    - policy
    - rules
    - stoppedrules
    - zones
  notify: restart shorewall

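# Collect the files under /etc/shorewall/ that still mention the example
# interface names (eth0/eth1); the two replace tasks below iterate over them.
# `pattern` skips names ending in '~' -- presumably the backups that
# `backup: true` leaves behind on later runs.
# `find` is read-only and never reports "changed", so the notify that used to
# sit on this task could never fire and has been dropped.
- name: find files in /etc/shorewall/
  find:
    paths: /etc/shorewall/
    use_regex: true
    pattern: '.+[^~]$'
    contains: '.*(eth0|eth1).*'
  register: find_result
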
# Rewrite the example's WAN interface name (eth0) to if_wan in every file the
# find task registered; item.path comes from find_result.
# NOTE(review): 'eth0' is an unanchored substring match, and the next task does
# the same for 'eth1'. If if_wan/if_lan are themselves eth1/eth0 (swapped), the
# two passes collapse both names onto one -- confirm the variables never take
# those literal values, or anchor the pattern with word boundaries.
- name: fix WAN interface name in shorewall configuration
  replace:
    path: '{{ item.path }}'
    regexp: 'eth0'
    replace: '{{ if_wan }}'
    backup: true
  with_items: '{{ find_result.files }}'
  notify: restart shorewall

# Rewrite the example's LAN interface name (eth1) to if_lan in the same set of
# files as the WAN task above (find_result is not re-evaluated in between).
# NOTE(review): the match is an unanchored substring; see the WAN task for the
# swapped-name caveat that applies to both passes.
- name: fix LAN interface name in shorewall configuration
  replace:
    path: '{{ item.path }}'
    regexp: 'eth1'
    replace: '{{ if_lan }}'
    backup: true
  with_items: '{{ find_result.files }}'
  notify: restart shorewall

# Enable IP forwarding in shorewall.conf so the host routes between the LAN
# and WAN interfaces; the example ships it as "Keep" (do not touch the kernel
# setting). What is actually forwarded is governed by the policy and rules
# files edited by the following tasks.
- name: configure forwarding in shorewall.conf
  replace:
    path: /etc/shorewall/shorewall.conf
    regexp: 'IP_FORWARDING=Keep'
    replace: 'IP_FORWARDING=Yes'
    backup: true
  notify: restart shorewall

# Widen the example policy: "loc -> net ACCEPT" becomes "loc -> all ACCEPT"
# and a "$FW -> all ACCEPT" line is inserted right after it, reusing the
# original whitespace via \1 and \2. The \n is left for the regex engine to
# expand, which is why the replacement is single-quoted.
# NOTE(review): in shorewall "all" also covers $FW, so this appears to let the
# LAN zone reach the firewall host itself on any port without further rules --
# confirm that is the intended trust model.
- name: configure shorewall policy
  replace:
    path: /etc/shorewall/policy
    regexp: 'loc(\s+)net(\s+)ACCEPT'
    replace: 'loc\1all\2ACCEPT\n$FW\1all\2ACCEPT'
    backup: true
  notify: restart shorewall

# Loosen the example's SSH rule: "SSH(ACCEPT) loc $FW" becomes
# "SSH(ACCEPT) all $FW" (the \$ keeps $FW literal in the pattern).
# NOTE(review): "all" includes the net (WAN) zone, so SSH to the firewall is
# accepted from the internet once this runs. Pair it with key-only sshd
# authentication and rate limiting, or scope the source back to loc if WAN
# access was not intended.
- name: configure shorewall rules
  replace:
    path: /etc/shorewall/rules
    regexp: '(SSH\(ACCEPT\)\s+)loc(\s+\$FW)'
    replace: '\1all\2'
    backup: true
  notify: restart shorewall