Ansible role which installs and configures shorewall and shorewall6.
shorewall: True
shorewall6: False
shorewall_interfaces:
- { zone: net, interface: eth0, options: "dhcp,tcpflags,logmartians,nosmurfs,sourceroute=0" }
shorewall_policies:
- { source: "$FW", dest: all, policy: ACCEPT }
- { source: net, dest: all, policy: REJECT }
- { source: all, dest: all, policy: REJECT, log_level: info }
shorewall_rules:
- section: NEW
rules:
- { action: "Invalid(DROP)", source: net, dest: "$FW", proto: tcp }
- { action: ACCEPT, source: net, dest: "$FW", proto: tcp, dest_port: ssh }
- { action: ACCEPT, source: net, dest: "$FW", proto: icmp, dest_port: echo-request }
shorewall_zones:
- { zone: fw, type: firewall }
- { zone: net, type: ipv4 }
- hosts: all
roles:
- SphericalElephant.shorewall
MIT
- Farhad Shahbazi
- Sascha Biberhofer