Ansible role which installs and configures shorewall and shorewall6.
shorewall: True
shorewall6: False
shorewall_interfaces:
- { zone: net, interface: eth0, options: "dhcp,tcpflags,logmartians,nosmurfs,sourceroute=0" }
shorewall_policies:
- { source: "$FW", dest: all, policy: ACCEPT }
- { source: net, dest: all, policy: REJECT }
- { source: all, dest: all, policy: REJECT, log_level: info }
shorewall_rules:
- section: NEW
rules:
- { action: "Invalid(DROP)", source: net, dest: "$FW", proto: tcp }
- { action: ACCEPT, source: net, dest: "$FW", proto: tcp, dest_port: ssh }
- { action: ACCEPT, source: net, dest: "$FW", proto: icmp, dest_port: echo-request }
shorewall_custom_rules:
github:
- { rule: 'ACCEPT', src: 'fw', dst: 'net:github.com', proto: 'tcp', dport: '22,443', comment: 'Allow access to GitHub' }
shorewall_zones:
- { zone: fw, type: firewall }
- { zone: net, type: ipv4 }- hosts: all
roles:
- ansible-shorewall
MIT
- Jani Karlsson
- Farhad Shahbazi
- Sascha Biberhofer
Original project: https://github.com/SphericalElephant/ansible-shorewall