ansible/roles/firewall/defaults/main.yaml

127 lines
3.0 KiB
YAML
Raw Normal View History

2019-08-25 02:06:19 +00:00
---
firewall_iptables_rules_v4: /etc/iptables/rules.v4-tmp
firewall_iptables_rules_v6: /etc/iptables/rules.v6-tmp
2022-08-30 12:22:53 +00:00
firewall_ipset: /etc/iptables/ipset-tmp
2019-08-25 02:06:19 +00:00
firewall_ipset_v4: /etc/iptables/ipset.v4-tmp
firewall_ipset_v6: /etc/iptables/ipset.v6-tmp
2019-11-25 00:55:55 +00:00
firewall_iptables_package_state: present
firewall_iptables_package_name: iptables
#firewall_iptables_service_state: started
#firewall_iptables_service_enabled: true
2019-08-25 02:06:19 +00:00
firewall_iptables_persistent_package_name: iptables-persistent
firewall_iptables_persistent_package_state: present
firewall_iptables_persistent_service_state: started
firewall_iptables_persistent_service_enabled: true
2019-09-02 17:50:56 +00:00
firewall_ulogd_package_state: present
firewall_ulogd_service_state: started
firewall_ulogd_service_enabled: true
2019-08-25 02:06:19 +00:00
firewall_iptables_persistent_plugin_path: /usr/share/netfilter-persistent/plugins.d
firewall_ipset_save_path: /etc/iptables/ipset
firewall_ipset_package_name: ipset
firewall_ipset_package_state: present
firewall_iptables_input_policy: ACCEPT
2019-08-25 02:06:19 +00:00
firewall_iptables_output_policy: ACCEPT
firewall_iptables_forward_policy: ACCEPT
2019-08-25 02:06:19 +00:00
firewall_iptables_input_policy_v6: ACCEPT
2019-08-25 02:06:19 +00:00
firewall_iptables_output_policy_v6: ACCEPT
firewall_iptables_forward_policy_v6: ACCEPT
2019-08-25 02:06:19 +00:00
2019-09-02 17:50:56 +00:00
firewall_use_ulogd: true
2019-09-02 17:53:12 +00:00
firewall_ulogd_package_name: ulogd2
firewall_ulogd_service_name: ulogd2.service
firewall_ulogd_config_path: /etc/ulogd.conf
2019-09-02 17:50:56 +00:00
firewall_ulogd_nflog_group: 1
2019-11-26 00:24:14 +00:00
# debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
firewall_ulogd_log_level: 3
firewall_ulogd_packet_mode_enabled: yes
firewall_ulogd_packet_mode_syslog_facility: LOG_LOCAL0
firewall_ulogd_packet_mode_syslog_level: LOG_INFO
firewall_ulogd_flow_mode_enabled: yes
firewall_ulogd_flow_mode_syslog_facility: LOG_LOCAL1
firewall_ulogd_flow_mode_syslog_level: LOG_INFO
firewall_iptables_nflog_group: 1
2019-09-02 17:51:48 +00:00
2019-08-25 02:06:19 +00:00
firewall_drop_icmp_flood: true
2019-08-27 06:08:19 +00:00
firewall_limit_icmp_flood_seconds: 1
firewall_limit_icmp_flood_hitcount: 6
2019-08-25 02:06:19 +00:00
2019-08-30 00:33:49 +00:00
firewall_loopback_notrack: true
2019-11-29 04:47:59 +00:00
firewall_limited_tcp_ports: []
2019-08-25 02:06:19 +00:00
2019-11-29 04:47:59 +00:00
firewall_allowed_tcp_ports: []
firewall_allowed_udp_ports: []
2019-08-25 02:06:19 +00:00
firewall_log_limit: 3/min
firewall_log_limit_burst: 10
firewall_limit_ssh: true
2022-08-30 12:22:53 +00:00
firewall_limit_ssh_seconds: 600
firewall_limit_ssh_hitcount: 10
2019-08-25 02:06:19 +00:00
firewall_bogon_interface: "{{ ansible_default_ipv4.interface }}"
2019-11-29 04:47:59 +00:00
firewall_ssh_whitelist: []
2019-11-25 01:10:21 +00:00
2019-08-25 02:06:19 +00:00
# ipset's
2019-09-02 17:54:36 +00:00
firewall_ipset_cooloff_timeout: 600
2019-08-30 02:34:58 +00:00
2019-11-29 04:47:59 +00:00
firewall_ipset_blacklist: []
2019-08-25 02:06:19 +00:00
2019-11-29 04:47:59 +00:00
firewall_ipset_mgmt: []
2019-08-25 02:06:19 +00:00
firewall_ipset_bogons:
2019-11-29 04:47:59 +00:00
- 0.0.0.0/8
- 10.0.0.0/8
- 100.64.0.0/10
- 127.0.0.0/8
- 169.254.0.0/16
- 172.16.0.0/12
- 192.0.0.0/24
- 192.0.2.0/24
- 192.168.0.0/16
- 198.18.0.0/15
- 198.51.100.0/24
- 203.0.113.0/24
- 224.0.0.0/4
- 240.0.0.0/4
- ::/96
- ::/128
- ::1/128
- ::ffff:0.0.0.0/96
- ::224.0.0.0/100
- ::127.0.0.0/104
- ::0.0.0.0/104
- ::255.0.0.0/104
- 0000::/8
- 0200::/7
- 3ffe::/16
- 2001:db8::/32
- 2002:e000::/20
- 2002:7f00::/24
- 2002:0000::/24
- 2002:ff00::/24
- 2002:0a00::/24
- 2002:ac10::/28
- 2002:c0a8::/32
- fc00::/7
- fe80::/10
- fec0::/10
- ff00::/8
firewall_allowed_icmp_types: []
firewall_allowed_icmpv6_types: []