From 6586c9f03f9bd9467537f0eaedbc7da17265a67b Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 18 Jan 2019 00:37:50 +0100
Subject: added dummy firewall scripts
---
roles/elevate/media/handlers/main.yml | 5 ++
roles/elevate/media/tasks/network.yml | 27 +++++++++--
.../templates/firewall/elevate-festival.sh.j2 | 56 ++++++++++++++++++++++
.../media/templates/firewall/lan-only.sh.j2 | 56 ++++++++++++++++++++++
.../media/templates/firewall/r3-with-lan.sh.j2 | 56 ++++++++++++++++++++++
roles/elevate/media/templates/firewall/r3.sh.j2 | 56 ++++++++++++++++++++++
6 files changed, 253 insertions(+), 3 deletions(-)
create mode 100644 roles/elevate/media/templates/firewall/elevate-festival.sh.j2
create mode 100644 roles/elevate/media/templates/firewall/lan-only.sh.j2
create mode 100644 roles/elevate/media/templates/firewall/r3-with-lan.sh.j2
create mode 100644 roles/elevate/media/templates/firewall/r3.sh.j2
(limited to 'roles')
diff --git a/roles/elevate/media/handlers/main.yml b/roles/elevate/media/handlers/main.yml
index 9ad527c8..d5997632 100644
--- a/roles/elevate/media/handlers/main.yml
+++ b/roles/elevate/media/handlers/main.yml
@@ -2,6 +2,11 @@ - name: netplan apply command: netplan apply +- name: firewall restart + service: + name: saswall + state: restarted + - name: restart nmbd service: name: nmbd
diff --git a/roles/elevate/media/tasks/network.yml b/roles/elevate/media/tasks/network.yml
index 500588ed..012940c5 100644
--- a/roles/elevate/media/tasks/network.yml
+++ b/roles/elevate/media/tasks/network.yml
@@ -17,6 +17,20 @@ # - dhcp notify: netplan apply +- name: install firewall scripts + template: + src: "firewall/{{ item }}.sh.j2" + dest: "/etc/saswall/{{ item }}.sh" + mode: 0755 + with_items: + - lan-only + - r3 + - r3-with-lan + - elevate-festival + # - elevate-office + # - dhcp + notify: firewall restart + - name: remove default netplan config file: path: /etc/netplan/01-netcfg.yaml
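Review bot: The `install firewall scripts` task writes executable scripts into `/etc/saswall` without stating who owns them, and gives the mode as the bare number `0755`. These files are presumably run with root privileges by the firewall service, so their ownership should not depend on the connecting user or the become settings, and the mode should not depend on how the YAML loader types the number. Pin all three on the task: `owner: root`, `group: root`, `mode: "0755"`.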
@@ -24,11 +38,18 @@ notify: netplan apply - name: set active netwok setup + with_items: + - dest: /etc/netplan/01-active.yaml + src: "conf-available/{{ network_setup }}.yaml" + - dest: /etc/saswall/rules.sh + src: "{{ network_setup }}.sh" file: state: link - dest: /etc/netplan/01-active.yaml - src: "conf-available/{{ network_setup }}.yaml" - notify: netplan apply + dest: "{{ item.dest }}" + src: "{{ item.src }}" + notify: + - netplan apply + - firewall restart - name: make sure network config has been applied meta: flush_handlers
diff --git a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2
new file mode 100644
index 00000000..041e441b
--- /dev/null
+++ b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2
@@ -0,0 +1,56 @@
+#######################
+# Definitions #
+#######################
+
+IPTABLES="/sbin/iptables"
+IP6TABLES="/sbin/ip6tables"
+
+[ -x $IPTABLES ] || exit 0
+[ -x $IP6TABLES ] || exit 0
+
+FILTER="$IPTABLES -t filter"
+NAT="$IPTABLES -t nat"
+MANGLE="$IPTABLES -t mangle"
+
+FILTER6="$IP6TABLES -t filter"
+MANGLE6="$IP6TABLES -t mangle"
+
+
+#########################
+# IPv4 UP #
+#########################
+
+ipv4_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 UP #
+#########################
+
+ipv6_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv4 DOWN #
+#########################
+
+ipv4_down() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 DOWN #
+#########################
+
+ipv6_down() {
+ # don't do anything here
+ echo -n "success"
+}
diff --git a/roles/elevate/media/templates/firewall/lan-only.sh.j2 b/roles/elevate/media/templates/firewall/lan-only.sh.j2
new file mode 100644
index 00000000..041e441b
--- /dev/null
+++ b/roles/elevate/media/templates/firewall/lan-only.sh.j2
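Review bot: The second `with_items` entry links `/etc/saswall/rules.sh` to `{{ network_setup }}.sh`, but nothing in this task checks that a firewall script of that name was installed; the install task added by this commit leaves `elevate-office` and `dhcp` commented out. If `network_setup` can take such a value, the loop has already switched the netplan link by the time the firewall item fails or is left dangling, so the host may come up on a new network profile with a stale or missing rule set. A guard placed before the task would stop the play before either link changes: `- assert: { that: "network_setup in ['lan-only', 'r3', 'r3-with-lan', 'elevate-festival']" }`. Which values `network_setup` may take is not visible in this hunk.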
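Review bot: Each of the four new templates (this one, `lan-only`, `r3-with-lan` and `r3`) exits 0 when `iptables` or `ip6tables` is not executable, and otherwise every hook prints "success" without installing a rule, so a host with this role reports a working firewall while no filtering is in place. If that is intended for now, say so at the top of each file, e.g. `# PLACEHOLDER: installs no rules; this host is unfiltered until the hooks are implemented`. The missing-binary guard should also fail visibly and quote its variable: `[ -x "$IPTABLES" ] || { echo "missing $IPTABLES" >&2; exit 1; }`. How saswall reacts to a non-zero exit or to the hook output is not visible in this commit, so confirm that before changing the guard.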
@@ -0,0 +1,56 @@
+#######################
+# Definitions #
+#######################
+
+IPTABLES="/sbin/iptables"
+IP6TABLES="/sbin/ip6tables"
+
+[ -x $IPTABLES ] || exit 0
+[ -x $IP6TABLES ] || exit 0
+
+FILTER="$IPTABLES -t filter"
+NAT="$IPTABLES -t nat"
+MANGLE="$IPTABLES -t mangle"
+
+FILTER6="$IP6TABLES -t filter"
+MANGLE6="$IP6TABLES -t mangle"
+
+
+#########################
+# IPv4 UP #
+#########################
+
+ipv4_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 UP #
+#########################
+
+ipv6_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv4 DOWN #
+#########################
+
+ipv4_down() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 DOWN #
+#########################
+
+ipv6_down() {
+ # don't do anything here
+ echo -n "success"
+}
diff --git a/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2 b/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2
new file mode 100644
index 00000000..041e441b
--- /dev/null
+++ b/roles/elevate/media/templates/firewall/r3-with-lan.sh.j2
@@ -0,0 +1,56 @@
+#######################
+# Definitions #
+#######################
+
+IPTABLES="/sbin/iptables"
+IP6TABLES="/sbin/ip6tables"
+
+[ -x $IPTABLES ] || exit 0
+[ -x $IP6TABLES ] || exit 0
+
+FILTER="$IPTABLES -t filter"
+NAT="$IPTABLES -t nat"
+MANGLE="$IPTABLES -t mangle"
+
+FILTER6="$IP6TABLES -t filter"
+MANGLE6="$IP6TABLES -t mangle"
+
+
+#########################
+# IPv4 UP #
+#########################
+
+ipv4_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 UP #
+#########################
+
+ipv6_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv4 DOWN #
+#########################
+
+ipv4_down() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 DOWN #
+#########################
+
+ipv6_down() {
+ # don't do anything here
+ echo -n "success"
+}
diff --git a/roles/elevate/media/templates/firewall/r3.sh.j2 b/roles/elevate/media/templates/firewall/r3.sh.j2
new file mode 100644
index 00000000..041e441b
--- /dev/null
+++ b/roles/elevate/media/templates/firewall/r3.sh.j2
@@ -0,0 +1,56 @@
+#######################
+# Definitions #
+#######################
+
+IPTABLES="/sbin/iptables"
+IP6TABLES="/sbin/ip6tables"
+
+[ -x $IPTABLES ] || exit 0
+[ -x $IP6TABLES ] || exit 0
+
+FILTER="$IPTABLES -t filter"
+NAT="$IPTABLES -t nat"
+MANGLE="$IPTABLES -t mangle"
+
+FILTER6="$IP6TABLES -t filter"
+MANGLE6="$IP6TABLES -t mangle"
+
+
+#########################
+# IPv4 UP #
+#########################
+
+ipv4_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 UP #
+#########################
+
+ipv6_up() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv4 DOWN #
+#########################
+
+ipv4_down() {
+ # don't do anything here
+ echo -n "success"
+}
+
+
+#########################
+# IPv6 DOWN #
+#########################
+
+ipv6_down() {
+ # don't do anything here
+ echo -n "success"
+}
-- cgit v1.2.3