ansible/roles/firewall/templates/ipset.v4.j2

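{#
  render_ipset(ipset, name, type, family, timeout)

  Emits the `ipset restore` commands for one set:
    create NAME TYPE family FAMILY counters [timeout N] -exist
    flush NAME
    add NAME ENTRY        (one line per entry that passes ansible.utils.ipv4)

  ipset    entries to load; callers pass [] for sets that start empty.
           NOTE(review): expected to be a list; a bare string is not handled
           as a single entry here - confirm every caller passes a list.
  name     set name, used verbatim in all three commands
  type     set type, "hash:net" unless the caller overrides it
  family   "inet" unless the caller overrides it
  timeout  tested for truthiness, so None, 0 or "" create the set without
           the timeout option

  Comment tags on their own line render to nothing while trim_blocks is on
  (the default for Ansible's template module).
#}
{% macro render_ipset(ipset, name, type="hash:net", family="inet", timeout=None) %}
{# -exist lets create succeed when an identical set is already present. The
   default filter repeats the macro default and only matters if a caller
   passes an undefined value for type. #}
create {{ name }} {{ type | default('hash:net') }} family {{ family }} counters {% if timeout %}timeout {{ timeout }}{% endif %} -exist
{# flush drops every current member, including any added at runtime, each time
   the rendered file is restored. The set is also empty between this line and
   the add lines below. NOTE(review): confirm that window is acceptable for
   the sets the rules match on; loading a temporary set and using `ipset swap`
   would avoid it. #}
flush {{ name }}
{# Guard for empty input. NOTE(review): presumably here because the filter is
   not guaranteed to return a list for an empty value - confirm before
   removing it. #}
{% if ipset | length %}
{# ansible.utils.ipv4 keeps only entries that parse as an IPv4 address or
   network. Anything else is dropped without an error, so a typo in the input
   variable silently shrinks the set; validate the variable in a task before
   templating if a missing entry matters. #}
{% for ip_or_net in ipset | ansible.utils.ipv4 %}
add {{ name }} {{ ip_or_net }}
{% endfor %}
{% endif %}
{% endmacro %}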
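{# mgmt4 is loaded from firewall_ipset_mgmt (presumably the management allow
   list - confirm against the rules that reference it). #}
{{ render_ipset(firewall_ipset_mgmt, 'mgmt4') }}

{# blacklist4 and graylist4 are created with no members; nothing in this
   template adds any, so they are presumably filled at runtime (TODO confirm).
   render_ipset emits a flush for every set, so restoring the rendered file
   empties them again. graylist4 entries get a 600 second default timeout. #}
{{ render_ipset([], 'blacklist4') }}
{{ render_ipset([], 'graylist4', type="hash:ip", timeout=600) }}

{# bogons4 is loaded from firewall_ipset_bogons. #}
{{ render_ipset(firewall_ipset_bogons, 'bogons4') }}

{# cooloff4 starts empty. Its default timeout comes from
   firewall_ipset_cooloff_timeout; a falsy value (0, empty) creates the set
   without the timeout option. #}
{{ render_ipset([], 'cooloff4', type="hash:ip", timeout=firewall_ipset_cooloff_timeout) }}
{# Per-service sets, each rendered only when its variable is defined. When a
   variable is undefined this template emits nothing for that set, so a set
   already present on the host is neither flushed nor destroyed by this file
   and keeps its old members. #}
{% if firewall_ipset_node_exporter is defined %}
{{ render_ipset(firewall_ipset_node_exporter, 'node_exporter4') }}
{% endif %}
{% if firewall_ipset_blackbox_exporter is defined %}
{{ render_ipset(firewall_ipset_blackbox_exporter, 'blackbox_exporter4') }}
{% endif %}
{% if firewall_ipset_mtail is defined %}
{{ render_ipset(firewall_ipset_mtail, 'mtail4') }}
{% endif %}
{% if firewall_ipset_syslog is defined %}
{{ render_ipset(firewall_ipset_syslog, 'syslog4') }}
{% endif %}
{% if firewall_ipset_influxdb is defined %}
{{ render_ipset(firewall_ipset_influxdb, 'influxdb4') }}
{% endif %}
{% if firewall_ipset_dns is defined %}
{{ render_ipset(firewall_ipset_dns, 'dns4') }}
{% endif %}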