Unverified Commit 309b6701 authored by Mike Green

Added Shorewall tunnels, to manage VPNs (IPSEC, tinc, et al)

parent a13a9407
......@@ -37,9 +37,11 @@ shorewall_zones | `zone`, `type`, `options`, `options_in`, `options_out`
shorewall_policies | `source`, `dest`, `policy`, `log_level`, `burst_limit`, `conn_limit`
shorewall_rules | **sections**: `section`, **rules**: `rule`. For each **rule**: `action`, `source`, `dest`, `proto`, `dest_port`, `source_port`, `original_dest`, `rate_limit`, `user_group`, `mark`, `connlimit`, `time`, `headers`, `switch`, `helper`, `when`
shorewall_masq | `interface`, `source`, `address`, `proto`, `ports`, `ipsec`, `mark`, `user`, `switch`, `original_dest`
shorewall_tunnels | `type`, `zone`, `gateway`, `gateway_zone`
shorewall_hosts | `zone`, `hosts`, `options`
shorewall_params | `name`, `value`
### shorewall_package_state - Shorewall package state
See the Ansible [package module](http://docs.ansible.com/ansible/package_module.html) information for more details.
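Review bot: the `shorewall_tunnels` row documents the fourth key as `gateway_zone`, but the example added further down in this commit (under `### shorewall_tunnels - Tunnels`) writes it as `gateway_zones`; reconcile the two spellings so readers know which key the template actually consumes, since a dictionary written from this table would otherwise use a name the example does not.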
......@@ -149,6 +151,17 @@ shorewall_rules:
Define Masquerade/SNAT in the `/etc/shorewall/masq` file. See the Shorewall [masq man page](http://shorewall.org/manpages/shorewall-masq.html) for more details.
### shorewall_tunnels - Tunnels
Define VPN connections with endpoints on the firewall in the `/etc/shorewall/tunnels` file. See the Shorewall [tunnels man page](http://shorewall.net/manpages/shorewall-tunnels.html) for more details.
#### Example
```yaml
shorewall_tunnels:
- { type: ipsec, zone: net, gateway: "0.0.0.0/0", gateway_zones: "vpn1,vpn2" }
```
### shorewall_hosts - Hosts
Define multiple zones accessed through a single interface in the `/etc/shorewall/hosts` file. See the Shorewall [hosts man page](http://shorewall.org/manpages/shorewall-hosts.html) for more details.
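Review bot: the commit message says the feature covers IPSEC, tinc and others, yet the only example is `type: ipsec`; a second entry (for instance the tinc case named in the commit message) or one sentence stating that `type` takes the values from the TYPE column of the linked man page would make the accepted values clear without sending readers off the page. The example also uses `gateway_zones`, which differs from `gateway_zone` in the variable table above.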
......@@ -170,6 +183,7 @@ Assign any shell variables that you need in the `/etc/shorewall/params` file. Se
### Master Branch
- Added: The `shorewall_rules` has an added option `when` for each rule, which acts similar to Ansible's `when` statement and allows rules to be conditional.
- Added: role variable `shorewall_tunnels` for use with VPNs.
- *Changed:* The generated `shorewall_rules` will now take into account the `?` prefix in sections (i.e. `?ESTABLISHED`), which was introduced at Shorewall version 4.6. If the Shorewall version installed is older than 4.6, this prefix will be omitted to avoid errors.
### v1.0
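Review bot: the entry `- Added: role variable \`shorewall_tunnels\` for use with VPNs.` omits `shorewall6_tunnels`, which the defaults hunk in this same commit introduces; list both variables here, or state that the IPv6 counterpart follows the same schema, so the changelog matches what the defaults file ships.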
......
......@@ -29,6 +29,9 @@ shorewall6_hosts: []
shorewall_params: []
shorewall6_params: []
shorewall_tunnels: []
shorewall6_tunnels: []
shorewall_policies:
- source: "$FW"
dest: all
......
......@@ -41,6 +41,7 @@
- policy
- rules
- hosts
- tunnels
notify:
- restart shorewall
tags:
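Review bot: `tunnels` is appended to the list of files rendered with a `restart shorewall` notification, but no `tunnels` template appears in the visible diff of this commit; confirm the template for `/etc/shorewall/tunnels` is part of the change (or already present), since a missing template makes this loop fail on every host. It is also worth checking that the template renders a valid, empty-rule file when `shorewall_tunnels` is the `[]` default, so hosts without VPNs are unaffected by the new item.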
......
......@@ -41,6 +41,7 @@
- policy
- rules
- hosts
- tunnels
notify:
- restart shorewall6
tags:
......