slfhst/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

: nsd, the comeback
All checks were successful
ansible-lint / lint-everything (push) Successful in 2m4s
Details

Browse Source
This commit is contained in:
VC
2025-04-01 15:50:01 +02:00
parent a94e9fcc9e
commit 52794f1892
32 changed files with 653 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
roles/firewall/templates/firewall.j2
View File

@@ -350,6 +350,53 @@ config redirect
option dest_port '64738'
option target 'DNAT'
# Allow DNS traffic
config rule
option name 'Allow-INPUT-DNS'
option src 'wan'
list proto 'tcp'
list proto 'udp'
option dest 'dmz'
option dest_ip '{{ hostvars['dns1'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
option dest_port '53'
option target 'ACCEPT'
option family 'ipv6'
config redirect
option name 'Allow-INPUT-DNS'
option src 'wan'
option src_dport '53'
list proto 'tcp'
list proto 'udp'
option dest 'dmz'
option dest_ip '{{ hostvars['dns1'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '53'
option target 'DNAT'
config rule
option name 'Allow-OUTPUT-DNS'
option src 'dmz'
option src_ip '{{ hostvars['dns1'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
list proto 'tcp'
list proto 'udp'
option dest 'wan'
option dest_port '53'
option dest_ip '{{ hostvars['ks3370405'].ansible_default_ipv4.address }}'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-OUTPUT-DNS'
option src 'dmz'
option src_ip '{{ hostvars['dns1'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
list proto 'tcp'
list proto 'udp'
option dest 'wan'
option dest_port '53'
option dest_ip '{{ hostvars['ks3370405'].ansible_default_ipv6.address }}'
option target 'ACCEPT'
option family 'ipv6'
# Allow mail traffic
config rule
option name 'Allow-OUTPUT-SMTP'