SoInteractive/ansible-firewall

Simple ingress firewall based on iptables
Ansible Role: firewall


Ansible role to set up a persistent ingress firewall based on iptables, together with fail2ban. By design it opens communication:

  • on loopback interface
  • on port 22 (SSH)
  • for NTP
  • for DNS

⚠️ IMPORTANT NOTICE

THIS PROJECT IS ABANDONED. WE DO NOT ACCEPT ANY NEW ISSUES AND/OR PULL REQUESTS.

Requirements

The python-netaddr package must be installed on the deployer host to run this role.

Example usage

Use it in a playbook as follows:

- hosts: all
  become: true
  roles:
    - SoInteractive.firewall

A slightly more advanced usage (allow traffic on port 80 only from the 10.0.0.0/8 subnet, and on port 443 from everyone):

- hosts: webserver
  become: true
  roles:
    - firewall
  vars:
    firewall_allow:
      - { source: "10.0.0.0/8", port: "80" }
      - { port: "443" }
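As an added example (not part of the role or its README), the following Python validates a firewall_allow list like the one above and renders it into the iptables INPUT rules one would expect the role to produce. The rule format, the default source of 0.0.0.0/0 when an entry has no source, the default protocol of tcp, and the optional protocol key are assumptions of this example, not read from the role's templates; the standard-library ipaddress module stands in for python-netaddr, which the role itself uses for the same kind of subnet validation.

```python
import ipaddress

# Constructed sample input: the two firewall_allow entries from the README.
FIREWALL_ALLOW = [
    {"source": "10.0.0.0/8", "port": "80"},
    {"port": "443"},
]

ANY_SOURCE = "0.0.0.0/0"  # assumed default when an entry carries no 'source'


def validate_entry(entry):
    """Normalize one firewall_allow entry to (source, port, proto).

    Raises ValueError for anything iptables would reject, so a typo in a
    playbook fails at render time instead of producing a broken ruleset or
    an unintended hole. The 'protocol' key and its tcp default are
    assumptions of this example, not part of the role's documented interface.
    """
    if "port" not in entry:
        raise ValueError("entry has no 'port'")

    source = str(entry.get("source", ANY_SOURCE))
    # ip_network() raises ValueError on malformed input; strict=False turns a
    # host address such as 10.1.2.3/8 into its network 10.0.0.0/8.
    net = ipaddress.ip_network(source, strict=False)

    port = str(entry["port"])
    lo, _, hi = port.partition(":")  # iptables range syntax is "lo:hi"
    for p in (lo, hi or lo):
        if not p.isdigit() or not 1 <= int(p) <= 65535:
            raise ValueError(f"invalid port {port!r}")
    if hi and int(hi) < int(lo):
        raise ValueError(f"inverted port range {port!r}")

    proto = str(entry.get("protocol", "tcp")).lower()
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol {proto!r}")
    return str(net), port, proto


def render_rules(allow):
    """Render a firewall_allow list into iptables-save style INPUT rules."""
    rules = []
    for entry in allow:
        source, port, proto = validate_entry(entry)
        match = f"-p {proto} -m {proto} --dport {port} -j ACCEPT"
        if source == ANY_SOURCE:
            rules.append(f"-A INPUT {match}")
        else:
            rules.append(f"-A INPUT -s {source} {match}")
    return rules


if __name__ == "__main__":
    for rule in render_rules(FIREWALL_ALLOW):
        print(rule)
```

Running the script prints one ACCEPT rule per entry; the first is restricted with -s 10.0.0.0/8 and the second has no source match, which is the distinction the README's advanced example is making. Feeding the same dictionaries with an out-of-range port or a malformed subnet raises ValueError before any rule is emitted.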

Have a look at defaults/main.yml for the role variables that can be overridden.

TODO

Refactor to enable idempotence tests.