ansible-debops-infrastructure

DebOps and Ansible scripts to manage my infrastructure
git clone git://git.erethon.com/ansible-debops-infrastructure

ferm.yml (1557B)


---

# Host-level firewall rules handed to the DebOps ferm role. Every entry below
# is an allow rule; nothing in this file drops or rejects traffic, so the
# effective policy also depends on the chain defaults configured elsewhere.
#
# All rules use `domain: 'ip'`, which in ferm means IPv4 only. IPv6 handling is
# not defined here.
# NOTE(review): confirm the IPv6 side of these services is covered (or
# intentionally closed) by configuration outside this file.
ferm__host_rules:
  # Public HTTP/HTTPS for HAProxy. No `saddr` is set, so the ports are open to
  # any IPv4 source.
  - type: 'accept'
    filename: 'haproxy'
    name: 'haproxy'
    table: 'filter'
    chain: 'INPUT'
    dport: [ 80, 443 ]
    protocol: 'tcp'
    domain: 'ip'

  # OpenVPN listener on UDP 1194, also open to any IPv4 source. Access control
  # therefore rests entirely on the OpenVPN server's own authentication.
  - type: 'accept'
    filename: 'openvpn'
    name: 'openvpn'
    table: 'filter'
    chain: 'INPUT'
    dport: [ 1194 ]
    protocol: 'udp'
    domain: 'ip'

  # VPN clients (tun0) -> VM bridge (virbr0). There is no address, protocol or
  # port filter: every VPN client can reach every port on every VM behind
  # virbr0.
  # NOTE(review): `interface_present` / `outerface_present` presumably make the
  # role emit the rule only when the named interface exists at run time; if so,
  # the rule is silently absent when tun0 or virbr0 is down during the play.
  # Verify against the role documentation.
  - type: 'accept'
    filename: 'vmnet'
    name: 'vmnet'
    table: 'filter'
    chain: 'FORWARD'
    domain: 'ip'
    interface_present: 'tun0'
    outerface_present: 'virbr0'
    comment: 'Forward traffic from OpenVPN to VMs'

  # VPN clients (tun0) -> devnet bridge (virbr1). Same shape as the rule above:
  # unrestricted by address, protocol and port.
  - type: 'accept'
    filename: 'devnet'
    name: 'devnet'
    table: 'filter'
    chain: 'FORWARD'
    domain: 'ip'
    interface_present: 'tun0'
    outerface_present: 'virbr1'
    comment: 'Forward traffic from OpenVPN to devnet VMs'

  # Outbound traffic from the VM subnet arriving on virbr0. The source network
  # is pinned with `saddr`, which stops spoofed sources on that bridge.
  # NOTE(review): no outgoing interface is given, so the match is not limited
  # to the uplink despite the comment; as written it also covers packets routed
  # from these VMs towards virbr1 or tun0. Confirm whether that cross-segment
  # reachability is intended.
  - type: 'accept'
    filename: 'vmnet_public'
    name: 'vmnet_public'
    table: 'filter'
    chain: 'FORWARD'
    domain: 'ip'
    interface_present: 'virbr0'
    saddr: '192.168.122.0/24'
    comment: 'Forward traffic from VMs to the internet'

  # Outbound traffic from the devnet subnet arriving on virbr1. Source-pinned
  # like the rule above, and likewise not restricted to a specific outgoing
  # interface.
  # NOTE(review): as written, devnet VMs can also be forwarded towards virbr0
  # and tun0; confirm this matches the intended isolation between the two VM
  # networks.
  - type: 'accept'
    filename: 'devnet_public'
    name: 'devnet_public'
    table: 'filter'
    chain: 'FORWARD'
    domain: 'ip'
    interface_present: 'virbr1'
    saddr: '192.168.199.0/24'
    comment: 'Forward traffic from devnet VMs to the internet'

  # Raw ferm snippet: source-NAT for IPv4 traffic leaving enp0s20f0. The rule
  # carries no source match, so it masquerades every packet leaving that
  # interface, not only the two VM subnets. The uplink name is hard-coded, so
  # the rule stops matching if the interface is renamed.
  # NOTE(review): the snippet always references enp0s20f0, unlike the
  # `*_present` entries above; check how ferm behaves when the device is absent.
  - type: 'custom'
    filename: 'vmnet_nat'
    name: 'vmnet_nat'
    comment: 'Perform NAT for VMs'
    rules: |
      domain ip table nat chain POSTROUTING {
        outerface enp0s20f0 {
          MASQUERADE;
        }
      }