commit f6a2053355

Author: Robert Kaussow <mail@thegeeklab.de> Date: Mon Jun 13 22:18:21 2022 +0200 fix configuration templates
2022-06-14 06:36:47 +00:00 · 2022-06-14 06:36:47 +00:00 · 074eb22b8e
commit 074eb22b8e
parent 0d78e39f21
1 changed files with 150 additions and 0 deletions
--- a/index.md
+++ b/index.md
@ -0,0 +1,150 @@
+---
+title: firewalld
+type: docs
+---
+
+[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.firewalld) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.firewalld?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.firewalld) [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.firewalld/src/branch/main/LICENSE)
+
+Setup and configure host firewall with firewalld.
+
+<!--more-->
+
+- [Default Variables](#default-variables)
+  - [firewalld_allow_zone_drifting](#firewalld_allow_zone_drifting)
+  - [firewalld_default_zone](#firewalld_default_zone)
+  - [firewalld_ipsets](#firewalld_ipsets)
+  - [firewalld_services](#firewalld_services)
+  - [firewalld_zones](#firewalld_zones)
+- [Dependencies](#dependencies)
+
+---
+
+## Default Variables
+
+### firewalld_allow_zone_drifting
+
+#### Default value
+
+```YAML
+firewalld_allow_zone_drifting: false
+```
+
+### firewalld_default_zone
+
+#### Default value
+
+```YAML
+firewalld_default_zone: public
+```
+
+### firewalld_ipsets
+
+A firewalld ipset configuration provides the information of an ip set for firewalld.
+
+#### Default value
+
+```YAML
+firewalld_ipsets: []
+```
+
+#### Example usage
+
+```YAML
+firewalld_ipsets:
+    - name: appserver
+      type: "hash:net"
+      short: "App Servers"
+      description: "Allow http access from all appservers"
+      option: {}
+      entry:
+        - 192.168.2.1
+        - 192.168.2.2
+```
+
+### firewalld_services
+
+#### Default value
+
+```YAML
+firewalld_services: []
+```
+
+### firewalld_zones
+
+#### Default value
+
+```YAML
+firewalld_zones: []
+```
+
+#### Example usage
+
+```YAML
+firewalld_zones:
+  - name: ""
+    short: ""
+    description: ""
+    target: ""
+    interface:
+      - name: ""
+    source:
+      - address: ""
+      - mac: ""
+      - ipset: ""
+    service:
+      - name: ""
+    port:
+      - { port: "", protocol: "" }
+    protocol:
+      - value:
+    icmp-block:
+      - name:
+    icmp-block-inversion: true
+    masquerade: true
+    forward-port:
+      - { port: "", protocol: "" }
+    source-port:
+      - { port: "", protocol: "" }
+    rule:
+      - source: { address: "", mac: "", ipset: ""}
+        destination: { address: "", mac: "", ipset: ""}
+        service: {name: ""}
+        port: {port: "", protocol: ""}
+        protocol: {value: ""}
+        icmp-block:
+          name: ""
+        icmp-type:
+          name: ""
+        masquerade: true
+        forward-port:
+          port: ""
+          protocol: ""
+          to-port: ""
+          to-addr: ""
+        source-port:
+          port: ""
+          protocol: ""
+        log:
+          prefix: ""
+          level: ""
+          limit: ""
+        audit:
+          limit: ""
+        accept:
+          limit: ""
+        reject:
+          rejecttype: ""
+          limit: ""
+        drop:
+          limit: ""
+        mark:
+          set:
+          limit: ""
+end
+```
+
+
+
+## Dependencies
+
+None.