An Ansible role that manages an Iptables Firewall on Ubuntu 14.04
None
Ansible variables are listed here along with their default values:
firewall_policy_input
sets the default policy for the INPUT chain:
firewall_policy_input: "DROP"
firewall_policy_forward
sets the default policy for the FORWARD chain:
firewall_policy_forward: "DROP"
firewall_policy_output
sets the default policy for the OUTPUT chain:
firewall_policy_output: "ACCEPT"
firewall_log_dropped_packets
flags whether dropped packets should be logged:
firewall_log_dropped_packets: true
firewall_ssh_port
sets an open port for SSH traffic
firewall_ssh_port: 22
firewall_allowed_tcp_ports
is a list of open TCP ports:
firewall_allowed_tcp_ports: [80, 443]
firewall_allowed_udp_ports
is a list of open UDP ports:
firewall_allowed_udp_ports: []
firewall_forwarded_tcp_ports
is a list of forwarded TCP ports. Each element
in the list may designate:
-
src required The source port
-
dest required The destination port
firewall_forwarded_tcp_ports: []
firewall_forwarded_udp_ports
is a list of forwarded UDP ports. Each element
in the list may designate:
-
src required The source port
-
dest required The destination port
firewall_forwarded_udp_ports: []
firewall_additional_rules
is a list of additional Iptables rules added
verbatim. For example: firewall_additional_rules: ["iptables -A OUTPUT -f -d 192.168.1.1 -j DROP"]
firewall_additional_rules: []
None
---
- hosts: all
vars:
- firewall_ssh_port: 2222
- firewall_allowed_tcp_ports: [80, 32400]
roles:
- novuso.firewall
This is released under the MIT license.