Install and configure iptables

**Role Variables**

.. zuul:rolevar:: iptables_allowed_hosts
   :default: []

   A list of dictionaries; each item in the list is a rule to add for
   a host/port combination. The format of the dictionary is:

   .. zuul:rolevar:: hostname

      The hostname to allow. It will automatically be resolved, and
      the inventory IP address will be added to the firewall.

   .. zuul:rolevar:: protocol

      One of "tcp" or "udp".

   .. zuul:rolevar:: port

      The port number.

.. zuul:rolevar:: iptables_allowed_groups
   :default: []

   A list of dictionaries; each item in the list is a rule to add for
   a host/port combination. The format of the dictionary is:

   .. zuul:rolevar:: group

      The Ansible inventory group to add. Every host in the group will
      be added to the firewall.

   .. zuul:rolevar:: protocol

      One of "tcp" or "udp".

   .. zuul:rolevar:: port

      The port number.

.. zuul:rolevar:: iptables_public_tcp_ports
   :default: []

   A list of public TCP ports to open.

.. zuul:rolevar:: iptables_public_udp_ports
   :default: []

   A list of public UDP ports to open.

.. zuul:rolevar:: iptables_rules
   :default: []

   A list of iptables ingress rules. Each item is a string
   containing the iptables command line options for the rule. These
   will be expanded to cover IPv4 and IPv6.

.. zuul:rolevar:: iptables_rules_v4
   :default: []

   A list of iptables v4 ingress rules. Each item is a string
   containing the iptables command line options for the rule.

.. zuul:rolevar:: iptables_rules_v6
   :default: []

   A list of iptables v6 ingress rules. Each item is a string
   containing the iptables command line options for the rule.

.. zuul:rolevar:: iptables_egress_rules
   :default: []

   A list of iptables egress rules. Each item is a string
   containing the iptables command line options for the rule. These
   will be expanded to cover IPv4 and IPv6.

.. zuul:rolevar:: iptables_egress_rules_v4
   :default: []

   A list of iptables v4 egress rules. Each item is a string
   containing the iptables command line options for the rule.

.. zuul:rolevar:: iptables_egress_rules_v6
   :default: []

   A list of iptables v6 egress rules. Each item is a string
   containing the iptables command line options for the rule.
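
A sample variables file that sets the role variables described above. It is an added illustration, not taken from the role itself: the host, group, interface, addresses and ports are constructed, and the rule strings assume the role supplies the chain, so each string holds only match and target options.

```yaml
# Constructed example values for the role variables documented above.

# Allow a single inventory host to reach one service port.
iptables_allowed_hosts:
  - hostname: monitor01.example.org   # hypothetical inventory host
    protocol: tcp
    port: 9100

# Allow every host in an inventory group to reach one port.
iptables_allowed_groups:
  - group: webservers                 # hypothetical inventory group
    protocol: udp
    port: 8125

# Ports reachable from any source address.
iptables_public_tcp_ports:
  - 80
  - 443
iptables_public_udp_ports: []

# Dual-stack ingress rule. It is expanded to both IPv4 and IPv6, so it
# must not contain an address literal from either family; an interface
# match is family-neutral.
iptables_rules:
  - "-i eth1 -p tcp --dport 5432 -j ACCEPT"

# Source-restricted ingress rules go in the per-family lists.
iptables_rules_v4:
  - "-s 192.0.2.0/24 -p tcp --dport 3306 -j ACCEPT"
iptables_rules_v6:
  - "-s 2001:db8:100::/48 -p tcp --dport 3306 -j ACCEPT"

# Dual-stack egress rule: refuse outbound SMTP on both families.
iptables_egress_rules:
  - "-p tcp --dport 25 -j REJECT"

# Destination-restricted egress rules, one list per family.
iptables_egress_rules_v4:
  - "-d 203.0.113.0/24 -j REJECT"
iptables_egress_rules_v6:
  - "-d 2001:db8:dead::/48 -j REJECT"
```

After the role runs, ``iptables -S`` and ``ip6tables -S`` on the target show whether each entry landed in the intended address family.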