pk/mail-server
1
0
Fork 0
mirror of https://github.com/pikami/mail-server.git synced 2026-05-21 04:27:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Extract playbook actions to roles

Browse Source
This commit is contained in:
Pijus Kamandulis
2024-05-31 01:17:29 +03:00
parent 311d6ce925
commit 5ee8b48ff7
38 changed files with 414 additions and 463 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ansible/roles/firewall/templates/pf.conf.j2
+29
View File
@@ -0,0 +1,29 @@
# {{ ansible_managed }}
# Skip filtering on the loopback interface
set skip on lo
# set up a default deny policy
block all
# Block remote X11 connections
block return in on ! lo0 proto tcp to port 6000:6010
# Port build user does not need network
block return out log proto {tcp udp} user _pbuild
{% for interface in firewall_interfaces %}
# Pass rules for the specific ports on the {{ interface.name }} interface
{% if (interface.allowed_tcp is defined) and interface.allowed_tcp %}
{% for port in interface.allowed_tcp %}
pass in on {{ interface.name }} proto tcp from any to any port {{ port }}
{% endfor %}
{% endif %}
{% if (interface.allowed_udp is defined) and interface.allowed_udp %}
{% for port in interface.allowed_udp %}
pass in on {{ interface.name }} proto udp from any to any port {{ port }}
{% endfor %}
{% endif %}
pass in on {{ interface.name }} proto icmp
# Pass out rule to allow outgoing traffic on the {{ interface.name }} interface
pass out on {{ interface.name }}
{% endfor %}