authorChristian Pointner <equinox@spreadspace.org>2019-01-18 00:37:50 +0100
committerChristian Pointner <equinox@spreadspace.org>2019-01-18 00:37:50 +0100
commit6586c9f03f9bd9467537f0eaedbc7da17265a67b (patch)
tree7ea509e5232ed6fc71d4b7d9a384a26352556e22 /roles
parentadded elevate-festival network config (diff)
added dummy firewall scripts
Diffstat (limited to 'roles')
-rw-r--r--roles/elevate/media/handlers/main.yml5
-rw-r--r--roles/elevate/media/tasks/network.yml27
-rw-r--r--roles/elevate/media/templates/firewall/elevate-festival.sh.j256
-rw-r--r--roles/elevate/media/templates/firewall/lan-only.sh.j256
-rw-r--r--roles/elevate/media/templates/firewall/r3-with-lan.sh.j256
-rw-r--r--roles/elevate/media/templates/firewall/r3.sh.j256
6 files changed, 253 insertions, 3 deletions
diff --git a/roles/elevate/media/handlers/main.yml b/roles/elevate/media/handlers/main.yml
index 9ad527c8..d5997632 100644
--- a/roles/elevate/media/handlers/main.yml
+++ b/roles/elevate/media/handlers/main.yml
@@ -2,6 +2,11 @@
- name: netplan apply
command: netplan apply
+- name: firewall restart
+ service:
+ name: saswall
+ state: restarted
+
- name: restart nmbd
service:
name: nmbd
diff --git a/roles/elevate/media/tasks/network.yml b/roles/elevate/media/tasks/network.yml
index 500588ed..012940c5 100644
--- a/roles/elevate/media/tasks/network.yml
+++ b/roles/elevate/media/tasks/network.yml
@@ -17,6 +17,20 @@
# - dhcp
notify: netplan apply
+- name: install firewall scripts
+ template:
+ src: "firewall/{{ item }}.sh.j2"
+ dest: "/etc/saswall/{{ item }}.sh"
+ mode: 0755
+ with_items:
+ - lan-only
+ - r3
+ - r3-with-lan
+ - elevate-festival
+ # - elevate-office
+ # - dhcp
+ notify: firewall restart
+
- name: remove default netplan config
file:
path: /etc/netplan/01-netcfg.yaml
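Review bot: The `template` task in `install firewall scripts` sets only `mode`, so ownership of the scripts under `/etc/saswall` depends on which user the play runs as. Since they are presumably executed as root by the firewall service, pin it with `owner: root` and `group: root`. The mode is also written as a bare `0755`, which relies on the YAML loader reading a leading-zero integer as octal; `mode: "0755"` is the form that cannot be misread. The task list continues outside this hunk.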
@@ -24,11 +38,18 @@
notify: netplan apply
- name: set active netwok setup
+ with_items:
+ - dest: /etc/netplan/01-active.yaml
+ src: "conf-available/{{ network_setup }}.yaml"
+ - dest: /etc/saswall/rules.sh
+ src: "{{ network_setup }}.sh"
file:
state: link
- dest: /etc/netplan/01-active.yaml
- src: "conf-available/{{ network_setup }}.yaml"
- notify: netplan apply
+ dest: "{{ item.dest }}"
+ src: "{{ item.src }}"
+ notify:
+ - netplan apply
+ - firewall restart
- name: make sure network config has been applied
meta: flush_handlers
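Review bot: `network_setup` is interpolated into both link sources without being checked against the profiles the role actually installs, and the loop replaces the netplan link before the firewall link. A value that has a netplan file but no matching script in `/etc/saswall` would, as far as I can tell, fail on the second item after the first link has already changed, leaving the two out of step with no handler run yet. An `assert` ahead of this task, e.g. `that: network_setup in ['lan-only', 'r3', 'r3-with-lan', 'elevate-festival']`, would stop the play before anything is touched. Where `network_setup` is defined is not visible in this hunk.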
diff --git a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2
new file mode 100644
index 00000000..041e441b
--- /dev/null
+++ b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2
@@ -0,0 +1,56 @@
+#######################
+# Definitions #
+#######################
+
+IPTABLES="/sbin/iptables"
+IP6TABLES="/sbin/ip6tables"
+
+[ -x $IPTABLES ] || exit 0
+[ -x $IP6TABLES ] || exit 0
+
+FILTER="$IPTABLES -t filter"
+NAT="$IPTABLES -t nat"
+MANGLE="$IPTABLES -t mangle"
+
+FILTER6="$IP6TABLES -t filter"
+MANGLE6="$IP6TABLES -t mangle"
+
+
+#########################
+# IPv4 UP #
+#########################
+
+ipv4_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 UP #
+#########################
+
+ipv6_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv4 DOWN #
+#########################
+
+ipv4_down() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 DOWN #
+#########################
+
+ipv6_down() {
+ # don't do anything here
+ echo -n "success"
+}
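Review bot: Each of the four functions (`ipv4_up`, `ipv6_up`, `ipv4_down`, `ipv6_down`) only prints `success`, so once `/etc/saswall/rules.sh` links to this file the firewall service reports a successful start while no filter rule is loaded. A header comment should say so explicitly, for example `# PLACEHOLDER: installs no rules, host is unfiltered with this profile`, so that a running saswall is not read as an active packet filter. The guards `[ -x $IPTABLES ] || exit 0` also end with status 0 when the binary is missing, which hides a broken install; `[ -x "$IPTABLES" ] || { echo "iptables not found" >&2; exit 1; }` would surface it, assuming saswall treats a non-zero status as a failure. The same applies to lan-only.sh.j2, r3-with-lan.sh.j2 and r3.sh.j2, which are byte-identical to this file (same blob 041e441b).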
diff --git a/roles/elevate/media/templates/firewall/lan-only.sh.j2 b/roles/elevate/media/templates/firewall/lan-only.sh.j2
new file mode 100644
index 00000000..041e441b
--- /dev/null
+++ b/roles/elevate/media/templates/firewall/lan-only.sh.j2
@@ -0,0 +1,56 @@
+#######################
+# Definitions #
+#######################
+
+IPTABLES="/sbin/iptables"
+IP6TABLES="/sbin/ip6tables"
+
+[ -x $IPTABLES ] || exit 0
+[ -x $IP6TABLES ] || exit 0
+
+FILTER="$IPTABLES -t filter"
+NAT="$IPTABLES -t nat"
+MANGLE="$IPTABLES -t mangle"
+
+FILTER6="$IP6TABLES -t filter"
+MANGLE6="$IP6TABLES -t mangle"
+
+
+#########################
+# IPv4 UP #
+#########################
+
+ipv4_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 UP #
+#########################
+
+ipv6_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv4 DOWN #
+#########################
+
+ipv4_down() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 DOWN #
+#########################
+
+ipv6_down() {
+ # don't do anything here
+ echo -n "success"
+}
diff --git a/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2 b/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2
new file mode 100644
index 00000000..041e441b
--- /dev/null
+++ b/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2
@@ -0,0 +1,56 @@
+#######################
+# Definitions #
+#######################
+
+IPTABLES="/sbin/iptables"
+IP6TABLES="/sbin/ip6tables"
+
+[ -x $IPTABLES ] || exit 0
+[ -x $IP6TABLES ] || exit 0
+
+FILTER="$IPTABLES -t filter"
+NAT="$IPTABLES -t nat"
+MANGLE="$IPTABLES -t mangle"
+
+FILTER6="$IP6TABLES -t filter"
+MANGLE6="$IP6TABLES -t mangle"
+
+
+#########################
+# IPv4 UP #
+#########################
+
+ipv4_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 UP #
+#########################
+
+ipv6_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv4 DOWN #
+#########################
+
+ipv4_down() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 DOWN #
+#########################
+
+ipv6_down() {
+ # don't do anything here
+ echo -n "success"
+}
diff --git a/roles/elevate/media/templates/firewall/r3.sh.j2 b/roles/elevate/media/templates/firewall/r3.sh.j2
new file mode 100644
index 00000000..041e441b
--- /dev/null
+++ b/roles/elevate/media/templates/firewall/r3.sh.j2
@@ -0,0 +1,56 @@
+#######################
+# Definitions #
+#######################
+
+IPTABLES="/sbin/iptables"
+IP6TABLES="/sbin/ip6tables"
+
+[ -x $IPTABLES ] || exit 0
+[ -x $IP6TABLES ] || exit 0
+
+FILTER="$IPTABLES -t filter"
+NAT="$IPTABLES -t nat"
+MANGLE="$IPTABLES -t mangle"
+
+FILTER6="$IP6TABLES -t filter"
+MANGLE6="$IP6TABLES -t mangle"
+
+
+#########################
+# IPv4 UP #
+#########################
+
+ipv4_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 UP #
+#########################
+
+ipv6_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv4 DOWN #
+#########################
+
+ipv4_down() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 DOWN #
+#########################
+
+ipv6_down() {
+ # don't do anything here
+ echo -n "success"
+}