slfhst/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ajout de XMPP

Browse Source
This commit is contained in:
VC
2019-09-05 13:41:57 +02:00
parent 66717dcc13
commit 84afea328a
11 changed files with 395 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

175
roles/firewall/templates/firewall.j2
View File

@@ -122,35 +122,25 @@ config rule
option target 'ACCEPT'
option family 'ipv6'
config rule
option name 'n0box2-XMPP-c2s+s2s'
option src 'wan'
option proto 'tcpudp'
option dest 'lan'
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}'
option dest_port '5222 5269'
option target 'ACCEPT'
option family 'ipv6'
#config rule
# option name 'n0box2-TS-com+com2'
# option src 'wan'
# option proto 'tcp'
# option dest 'lan'
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}'
# option dest_port '10011 30033'
# option target 'ACCEPT'
# option family 'ipv6'
config rule
option name 'n0box2-TS-com+com2'
option src 'wan'
option proto 'tcp'
option dest 'lan'
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}'
option dest_port '10011 30033'
option target 'ACCEPT'
option family 'ipv6'
config rule
option name 'n0box2-TS-signal'
option src 'wan'
option proto 'udp'
option dest 'lan'
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}'
option dest_port '9987'
option target 'ACCEPT'
option family 'ipv6'
#config rule
# option name 'n0box2-TS-signal'
# option src 'wan'
# option proto 'udp'
# option dest 'lan'
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}'
# option dest_port '9987'
# option target 'ACCEPT'
# option family 'ipv6'
config rule
option name 'n0box2-mumble'
@@ -212,55 +202,35 @@ config redirect
option dest_port '993'
option target 'DNAT'
config redirect
option name 'n0box2-XMPP-c2s'
option src 'wan'
option src_dport '5222'
option proto 'tcpudp'
option dest 'lan'
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
option dest_port '5222'
option target 'DNAT'
#config redirect
# option name 'n0box2-TS-com'
# option src 'wan'
# option src_dport '10011'
# option proto 'tcp'
# option dest 'lan'
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
# option dest_port '10011'
# option target 'DNAT'
config redirect
option name 'n0box2-XMPP-s2s'
option src 'wan'
option src_dport '5269'
option proto 'tcpudp'
option dest 'lan'
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
option dest_port '5269'
option target 'DNAT'
#config redirect
# option name 'n0box2-TS-com2'
# option src 'wan'
# option src_dport '30033'
# option proto 'tcp'
# option dest 'lan'
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
# option dest_port '30033'
# option target 'DNAT'
config redirect
option name 'n0box2-TS-com'
option src 'wan'
option src_dport '10011'
option proto 'tcp'
option dest 'lan'
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
option dest_port '10011'
option target 'DNAT'
config redirect
option name 'n0box2-TS-com2'
option src 'wan'
option src_dport '30033'
option proto 'tcp'
option dest 'lan'
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
option dest_port '30033'
option target 'DNAT'
config redirect
option name 'n0box2-TS-signal'
option src 'wan'
option src_dport '9987'
option proto 'udp'
option dest 'lan'
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
option dest_port '9987'
option target 'DNAT'
#config redirect
# option name 'n0box2-TS-signal'
# option src 'wan'
# option src_dport '9987'
# option proto 'udp'
# option dest 'lan'
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
# option dest_port '9987'
# option target 'DNAT'
config redirect
option name 'n0box2-mumble'
@@ -355,7 +325,7 @@ config rule
option proto 'tcpudp'
option dest 'lan'
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
option dest_port '25 80 443 465 587 143 993'
option dest_port '25 26 80 443 465 587 143 993'
option target 'ACCEPT'
option family 'ipv4'
@@ -365,7 +335,7 @@ config rule
option proto 'tcpudp'
option dest 'lan'
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}'
option dest_port '25 80 443 465 587 143 993'
option dest_port '25 26 80 443 465 587 143 993'
option target 'ACCEPT'
option family 'ipv6'
@@ -467,6 +437,57 @@ config rule
option target 'ACCEPT'
option family 'ipv4'
# Allow XMPP traffic
config rule
option name 'Allow-OUTPUT-XMPP-s2s'
option src 'dmz'
option src_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv4']['address']}}'
option proto 'tcpudp'
option dest 'wan'
option dest_port '5269'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-OUTPUT-XMPP-s2s'
option src 'dmz'
option src_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
option proto 'tcpudp'
option dest 'wan'
option dest_port '5269'
option target 'ACCEPT'
option family 'ipv6'
config redirect
option name 'Allow-INPUT-XMPP-c2s'
option src 'wan'
option src_dport '5222'
option proto 'tcpudp'
option dest 'dmz'
option dest_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
option dest_port '5222'
option target 'DNAT'
config redirect
option name 'Allow-INPUT-XMPP-s2s'
option src 'wan'
option src_dport '5269'
option proto 'tcpudp'
option dest 'dmz'
option dest_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
option dest_port '5269'
option target 'DNAT'
config rule
option name 'Allow-INPUT-XMPP-c2s+s2s'
option src 'wan'
option proto 'tcpudp'
option dest 'dmz'
option dest_ip '{{ hostvars['jabber.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
option dest_port '5222 5269'
option target 'ACCEPT'
option family 'ipv6'
## Default configuration
config defaults
option syn_flood '1'