add vm eap-adp-jump01

with a basic playbook for configuration

files/pf.conf

@@ -0,0 +1,27 @@
+#	$OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
+#
+# See pf.conf(5) and /etc/examples/pf.conf
+
+set skip on lo
+
+block return	# block stateless traffic
+
+# By default, do not permit remote connections to X11
+block return in on ! lo0 proto tcp to port 6000:6010
+
+# Port build user does not need network
+block return out log proto {tcp udp} user _pbuild
+
+# allow outgoing tcp, udp and icmp
+pass out proto { tcp, udp } from self to any
+pass out inet  proto icmp  from self to any
+pass out inet6 proto icmp6 from self to any
+
+# allow incoming icmp
+pass in inet  proto icmp  from any to self
+pass in inet6 proto icmp6 from any to self
+
+# allow incoming ssh
+pass in proto tcp from any to self port ssh
+
+include "/etc/pf.include.conf"

inventory

@@ -22,3 +22,6 @@ gw-core01 ip=192.168.10.45
 
 [server]
 hyper01 ip=10.84.1.21 
+
+[vms]
+eae-adp-jump01 ip=162.55.53.85 ansible_python_interpreter=/usr/local/bin/python3

playbook_provision_eap-adp-jump01.yml

@@ -0,0 +1,31 @@
+---
+- name: provision eap-adp-jump01
+  hosts: eae-adp-jump01
+  tasks:
+    - name: create /etc/pf.include.conf
+      file:
+        path: /etc/pf.include.conf
+        state: touch
+        mode: 0600
+        access_time: preserve
+
+    - name: basic firewall configuration
+      copy:
+        src: files/pf.conf
+        dest: /etc/pf.conf
+        validate: "/sbin/pfctl -vnf %s"
+      notify:
+        - reload firewall
+
+    - name: activate routing
+      blockinfile:
+        content: |
+          net.inet.ip.forwarding=0
+          net.inet6.ip6.forwarding=0
+        path: /etc/sysctl.conf
+        mode: 0600
+        create: yes
+
+  handlers:
+    - name: reload firewall
+      command: pfctl -vf /etc/pf.conf