[skip ci] automated docs update
parent 67bb8c416d
commit c97ec3d3cd
231
README.md
|
@ -1 +1,232 @@
|
|||
# xoxys.firewalld
|
||||
|
||||
[![Build Status](https://ci.rknet.org/api/badges/ansible/xoxys.firewalld/status.svg)](https://ci.rknet.org/repos/ansible/xoxys.firewalld)
|
||||
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.firewalld/src/branch/main/LICENSE)
|
||||
|
||||
Setup and configure host firewall with firewalld.
|
||||
|
||||
## Table of content
|
||||
|
||||
- [Requirements](#requirements)
|
||||
- [Default Variables](#default-variables)
|
||||
- [firewalld_allow_zone_drifting](#firewalld_allow_zone_drifting)
|
||||
- [firewalld_default_zone](#firewalld_default_zone)
|
||||
- [firewalld_enabled](#firewalld_enabled)
|
||||
- [firewalld_ipsets](#firewalld_ipsets)
|
||||
- [firewalld_ipsets_extra](#firewalld_ipsets_extra)
|
||||
- [firewalld_services](#firewalld_services)
|
||||
- [firewalld_services_extra](#firewalld_services_extra)
|
||||
- [firewalld_zones](#firewalld_zones)
|
||||
- [firewalld_zones_extra](#firewalld_zones_extra)
|
||||
- [firewalld_zones_unmanaged](#firewalld_zones_unmanaged)
|
||||
- [Dependencies](#dependencies)
|
||||
- [License](#license)
|
||||
- [Author](#author)
|
||||
|
||||
---
|
||||
|
||||
## Requirements
|
||||
|
||||
- Minimum Ansible version: `2.10`
|
||||
|
||||
## Default Variables
|
||||
|
||||
### firewalld_allow_zone_drifting
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
firewalld_allow_zone_drifting: false
|
||||
```
|
||||
|
||||
### firewalld_default_zone
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
firewalld_default_zone: public
|
||||
```
|
||||
|
||||
### firewalld_enabled
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
firewalld_enabled: true
|
||||
```
|
||||
|
||||
### firewalld_ipsets
|
||||
|
||||
A firewalld ipset configuration provides the information of an ip set for firewalld.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
firewalld_ipsets: []
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
firewalld_ipsets:
|
||||
- name: appserver
|
||||
type: "hash:net"
|
||||
short: "App Servers"
|
||||
description: "Allow http access from all appservers"
|
||||
option: {}
|
||||
entry:
|
||||
- 192.168.2.1
|
||||
- 192.168.2.2
|
||||
```
|
||||
|
||||
### firewalld_ipsets_extra
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
firewalld_ipsets_extra: []
|
||||
```
|
||||
|
||||
### firewalld_services
|
||||
|
||||
A firewalld service can be a list of local ports and destinations and additionally also a list of firewall helper modules
|
||||
automatically loaded if a service is enabled.
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
firewalld_services: []
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
- name: ""
|
||||
short: ""
|
||||
description: ""
|
||||
port: []
|
||||
protocol: []
|
||||
source_port: []
|
||||
module: []
|
||||
destination: {}
|
||||
```
|
||||
|
||||
### firewalld_services_extra
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
firewalld_services_extra: []
|
||||
```
|
||||
|
||||
### firewalld_zones
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
firewalld_zones:
|
||||
- name: public
|
||||
short: Public
|
||||
description: >-
|
||||
For use in public areas. You do not trust the other computers on networks
|
||||
to not harm your computer. Only selected incoming connections are accepted.
|
||||
service:
|
||||
- name: ssh
|
||||
- name: dhcpv6-client
|
||||
- name: cockpit
|
||||
```
|
||||
|
||||
#### Example usage
|
||||
|
||||
```YAML
|
||||
firewalld_zones:
|
||||
- name: ""
|
||||
short: ""
|
||||
description: ""
|
||||
target: ""
|
||||
interface:
|
||||
- name: ""
|
||||
source:
|
||||
- address: ""
|
||||
- mac: ""
|
||||
- ipset: ""
|
||||
service:
|
||||
- name: ""
|
||||
port:
|
||||
- { port: "", protocol: "" }
|
||||
protocol:
|
||||
- value:
|
||||
icmp-block:
|
||||
- name:
|
||||
icmp-block-inversion: true
|
||||
masquerade: true
|
||||
forward: true
|
||||
forward-port:
|
||||
- { port: "", protocol: "" }
|
||||
source-port:
|
||||
- { port: "", protocol: "" }
|
||||
rule:
|
||||
- source: { address: "", mac: "", ipset: ""}
|
||||
destination: { address: "", mac: "", ipset: ""}
|
||||
service: {name: ""}
|
||||
port: {port: "", protocol: ""}
|
||||
protocol: {value: ""}
|
||||
icmp-block:
|
||||
name: ""
|
||||
icmp-type:
|
||||
name: ""
|
||||
masquerade: true
|
||||
forward-port:
|
||||
port: ""
|
||||
protocol: ""
|
||||
to-port: ""
|
||||
to-addr: ""
|
||||
source-port:
|
||||
port: ""
|
||||
protocol: ""
|
||||
log:
|
||||
prefix: ""
|
||||
level: ""
|
||||
limit: ""
|
||||
audit:
|
||||
limit: ""
|
||||
accept:
|
||||
limit: ""
|
||||
reject:
|
||||
rejecttype: ""
|
||||
limit: ""
|
||||
drop:
|
||||
limit: ""
|
||||
mark:
|
||||
set:
|
||||
limit: ""
|
||||
end
|
||||
```
|
||||
|
||||
### firewalld_zones_extra
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
firewalld_zones_extra: []
|
||||
```
|
||||
|
||||
### firewalld_zones_unmanaged
|
||||
|
||||
#### Default value
|
||||
|
||||
```YAML
|
||||
firewalld_zones_unmanaged: []
|
||||
```
|
||||
|
||||
## Dependencies
|
||||
|
||||
None.
|
||||
|
||||
## License
|
||||
|
||||
MIT
|
||||
|
||||
## Author
|
||||
|
||||
[Robert Kaussow](https://gitea.rknet.org/xoxys)
|
||||
|
|
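Review bot: The `firewalld_zones` default under "### firewalld_zones" opens `ssh`, `dhcpv6-client` and `cockpit` in the `public` zone, yet the section carries no description saying so, or saying whether a user-supplied `firewalld_zones` replaces that list. Add a sentence there so operators know to drop `cockpit` and `dhcpv6-client` on hosts that do not need them. The same documentation gap applies to `firewalld_allow_zone_drifting`, `firewalld_zones_extra`, `firewalld_zones_unmanaged`, `firewalld_ipsets_extra` and `firewalld_services_extra`, which show only a default value and never state what the variable does or how the `_extra` lists combine with the base lists. Two smaller points: the "Example usage" block for `firewalld_services` starts at `- name: ""` without the `firewalld_services:` key that the ipsets and zones examples include, and the zones example ends with a stray `end` line just before the closing fence that looks like a leftover and should be removed. Since the commit message describes this as an automated docs update, these fixes probably belong in the source the README is generated from rather than in README.md itself.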