add vm eap-adp-jump01
with a basic playbook for configuration
parent
0f79a64d94
commit
dbe8978987
|
@ -0,0 +1,27 @@
|
|||
# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
|
||||
#
|
||||
# See pf.conf(5) and /etc/examples/pf.conf
|
||||
|
||||
set skip on lo
|
||||
|
||||
block return # block stateless traffic
|
||||
|
||||
# By default, do not permit remote connections to X11
|
||||
block return in on ! lo0 proto tcp to port 6000:6010
|
||||
|
||||
# Port build user does not need network
|
||||
block return out log proto {tcp udp} user _pbuild
|
||||
|
||||
# allow outgoing tcp, udp and icmp
|
||||
pass out proto { tcp, udp } from self to any
|
||||
pass out inet proto icmp from self to any
|
||||
pass out inet6 proto icmp6 from self to any
|
||||
|
||||
# allow incoming icmp
|
||||
pass in inet proto icmp from any to self
|
||||
pass in inet6 proto icmp6 from any to self
|
||||
|
||||
# allow incoming ssh
|
||||
pass in proto tcp from any to self port ssh
|
||||
|
||||
include "/etc/pf.include.conf"
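Review bot: The `block return out log proto {tcp udp} user _pbuild` rule has no effect at its current position. pf applies the last matching rule, and the later `pass out proto { tcp, udp } from self to any` matches the same outbound packets, so the port build user keeps network access. Either add `quick` to the rule, as in `block return out log quick proto {tcp udp} user _pbuild`, or move it below the pass rules, which is where the stock OpenBSD pf.conf places it. The X11 block is not affected, because the only inbound TCP pass rule is limited to ssh. Note that anything placed in `/etc/pf.include.conf` is evaluated after all of these rules and can override them in the same way.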
|
|
@ -22,3 +22,6 @@ gw-core01 ip=192.168.10.45
|
|||
|
||||
[server]
|
||||
hyper01 ip=10.84.1.21
|
||||
|
||||
[vms]
|
||||
eae-adp-jump01 ip=162.55.53.85 ansible_python_interpreter=/usr/local/bin/python3
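Review bot: The new inventory host is spelled `eae-adp-jump01`, while the commit title uses `eap-adp-jump01`. Which spelling is intended is not visible from this hunk. If `eap` is correct, this entry should read `eap-adp-jump01 ip=162.55.53.85 ansible_python_interpreter=/usr/local/bin/python3`, and every `hosts:` pattern that targets the VM must be changed to match. A mismatch between the inventory name and the documented name makes it easy to run a play against the wrong or an empty host set.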
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
---
|
||||
- name: provision eap-adp-jump01
|
||||
hosts: eae-adp-jump01
|
||||
tasks:
|
||||
- name: create /etc/pf.include.conf
|
||||
file:
|
||||
path: /etc/pf.include.conf
|
||||
state: touch
|
||||
mode: 0600
|
||||
access_time: preserve
|
||||
|
||||
- name: basic firewall configuration
|
||||
copy:
|
||||
src: files/pf.conf
|
||||
dest: /etc/pf.conf
|
||||
validate: "/sbin/pfctl -vnf %s"
|
||||
notify:
|
||||
- reload firewall
|
||||
|
||||
- name: activate routing
|
||||
blockinfile:
|
||||
content: |
|
||||
net.inet.ip.forwarding=0
|
||||
net.inet6.ip6.forwarding=0
|
||||
path: /etc/sysctl.conf
|
||||
mode: 0600
|
||||
create: yes
|
||||
|
||||
handlers:
|
||||
- name: reload firewall
|
||||
command: pfctl -vf /etc/pf.conf
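Review bot: The task named `activate routing` writes `net.inet.ip.forwarding=0` and `net.inet6.ip6.forwarding=0`, which disables forwarding. For a jump host that is presumably the intended value, so the name should say so, for example `- name: disable ip forwarding`. Otherwise a later maintainer may "fix" the values to match the name. The block only edits `/etc/sysctl.conf`, so the running kernel keeps its current setting until reboot unless the value is also applied at runtime. Separately, the `state: touch` task reports a change on every run because only `access_time: preserve` is set; adding `modification_time: preserve` makes it idempotent. The handler should also call `/sbin/pfctl` by absolute path, as the `validate:` line already does.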
|