ryanc/ansible
1
0
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

Add ulogd2

Browse Source
This commit is contained in:
Ryan Cavicchioni
2019-09-02 17:50:56 +00:00
parent a44a6540ba
commit a511491bdf
7 changed files with 97 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
roles/firewall/defaults/main.yaml
View File

@@ -11,6 +11,10 @@ firewall_iptables_persistent_package_state: present
firewall_iptables_persistent_service_state: started
firewall_iptables_persistent_service_enabled: true
firewall_ulogd_package_state: present
firewall_ulogd_service_state: started
firewall_ulogd_service_enabled: true
firewall_iptables_persistent_plugin_path: /usr/share/netfilter-persistent/plugins.d
firewall_ipset_save_path: /etc/iptables/ipset
@@ -25,6 +29,11 @@ firewall_iptables_input_policy_v6: DROP
firewall_iptables_output_policy_v6: ACCEPT
firewall_iptables_forward_policy_v6: DROP
firewall_use_ulogd: true
firewall_ulogd_nflog_group: 1
firewall_ulogd_syslog_facility: LOG_LOCAL0
firewall_ulogd_syslog_level: LOG_INFO
firewall_drop_icmp_flood: true
firewall_limit_icmp_flood_seconds: 1
firewall_limit_icmp_flood_hitcount: 6