Edin Sarajlic f0b004ddce README: Fix whitespace for clarity 2 years ago
defaults 417811b5df Add task for deploying custom config 3 years ago
files 2f4e7b3620 INPUT/OUTPUT rules are now configured using variables - nice! 3 years ago
handlers 08c76a2d2e Initial commit 5 years ago
tasks 417811b5df Add task for deploying custom config 3 years ago
templates 2cdb7794a7 Rename variable: default_*_policy -> ferm_default_*_policy - gives variable more context, less likely to be confused 4 years ago
README f0b004ddce README: Fix whitespace for clarity 2 years ago

README

Created for, and tested on, Debian Wheezy and Debian Jessie.

An Ansible role for setting up ferm, a frontend that generates iptables
rules from a single readable configuration file.

Clone this git repo into your Ansible roles directory, e.g.:

git clone ansible-ferm.git roles/ferm

---

A simple firewall that should be good enough for most static server
configurations.

The core firewall config (see: templates/ferm.conf.j2) defines three
chains (INPUT, OUTPUT, FORWARD). NOTE: The FORWARD chain is currently
non-functional.

The chain policies default to the following, and can be overridden by
redefining these Ansible variables (a policy of ACCEPT means anything not
matched by an explicit rule is allowed, so a hardened server will usually
want ferm_default_input_policy: DROP together with explicit ACCEPT rules
for the services it exposes):

ferm_default_input_policy: ACCEPT
ferm_default_output_policy: ACCEPT
ferm_default_forward_policy: DROP

Rules can be added to each chain by appending items to the following list
variables:

ferm_rules_input_list:
- empty_rule
ferm_rules_output_list:
- empty_rule

A small set of core rules is provided in files/rules.d.

---

The provided task "deploy_custom_config.yml" copies files from the
source (the Ansible controller) to the destination (the host running
ferm).

This allows you to centrally manage (and easily version control) files
that may be unique per host, such as individual firewall rules.

Once any file has been copied across, ferm is restarted so the new rules
take effect. Review custom rules before deploying them: a rule set that
drops the SSH port locks Ansible out of the host on the next restart.
Running ferm --noexec --lines on the assembled configuration prints the
iptables commands it would generate without applying them.

Variables to define:

Source, as defined by the variable:
ferm_custom_config_src
e.g. "{{ inventory_hostname }}/etc/ferm/"

Destination, as defined by the variable:
ferm_custom_config_dst
defaults to /etc/ferm/
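A playbook that wires the role in with the policy overrides described above and the per-host custom config directory from this section, as an added example (not a playbook shipped with the role). It assumes the role is checked out as roles/ferm, as shown at the top of this README, and that an inventory group named static_servers exists. With an INPUT policy of DROP, rules accepting established connections and the SSH port must exist in files/rules.d or in the per-host custom config, otherwise the restart that follows the copy cuts off Ansible's own session.

```yaml
# site.yml - example playbook using the ferm role (added example, not part of the role).
# Assumed: the role lives at roles/ferm and the inventory defines "static_servers".
- hosts: static_servers
  become: yes
  vars:
    # Drop unsolicited inbound traffic instead of the role's ACCEPT default;
    # outbound stays open, FORWARD is dropped (the FORWARD chain is not
    # functional in this role anyway).
    ferm_default_input_policy: DROP
    ferm_default_output_policy: ACCEPT
    ferm_default_forward_policy: DROP

    # Per-host rule files are kept on the controller under a directory named
    # after the inventory hostname, e.g. web01.example/etc/ferm/, and copied
    # to /etc/ferm/ on the target; ferm is restarted when anything changes.
    ferm_custom_config_src: "{{ inventory_hostname }}/etc/ferm/"
    ferm_custom_config_dst: /etc/ferm/
  roles:
    - ferm
```

Keep the per-host directories next to the playbook in version control so a diff of a rule change is visible in review before it reaches a server, and run the play against one host first so a lock-out affects a single machine rather than the whole group.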