Commit b90db3c8 authored by Lindsay's avatar Lindsay

Add support for Shorewall files mangle, providers, routes, rtrules, tcinterfaces

parent 55e255cd
......@@ -36,6 +36,24 @@ shorewall6_stoppedrules: []
shorewall_hosts: []
shorewall6_hosts: []
shorewall_providers: []
shorewall6_providers: []
shorewall_rtrules: []
shorewall6_rtrules: []
shorewall_mangle: []
shorewall6_mangle: []
shorewall_routes: []
shorewall6_routes: []
shorewall_tcinterfaces: []
shorewall6_tcinterfaces: []
shorewall_actions: []
shorewall6_actions: []
shorewall_params: []
shorewall6_params: []
......
......@@ -44,10 +44,14 @@
- policy
- rules
- hosts
# - providers
- providers
- tunnels
# - actions
# - actions
- stoppedrules
- rtrules
- mangle
- routes
- tcinterfaces
notify:
- restart shorewall
tags:
......@@ -72,7 +76,7 @@
- configuration
when: (shorewall_version|float < 5.0)
- name: Generate Shorewall masq file
- name: Generate Shorewall snat file
template:
dest: "/etc/shorewall/{{ item }}"
src: "shorewall/{{ item }}.j2"
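Review bot: Un-commenting `providers` and adding `rtrules`, `mangle`, `routes` and `tcinterfaces` to this item list means the role presumably now writes all five files on every host, and with the new `[]` defaults they render as header-only files. A host whose `/etc/shorewall/providers` or `mangle` is still maintained by hand would have it replaced and Shorewall restarted through the `restart shorewall` handler, silently dropping its multi-ISP or packet-marking configuration. The task that consumes the list starts outside the hunk, so it is not visible whether it already sets `backup: true`; if it does not, adding that to the `template:` arguments and noting the behaviour change in the README would make the upgrade safer.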
......
# {{ ansible_managed }}
#
# Shorewall - Mangle File
#
# For information about entries in this file, type "man shorewall-mangle"
#
# See https://shorewall.org/manpages/shorewall-mangle.html for additional information
############################################################################################
#ACTION SOURCE DEST PROTO DPORT SPORT USER TEST length tos connbytes helper headers probability dscp switch
{% for mangle in shorewall_mangle %}
{% if mangle.get('when', True) %}
{% if mangle.comment is defined %}
# {{ mangle.comment }} {% endif %}
{% if mangle.action is defined %}
{{ mangle.action }} {{ mangle.source | default('0.0.0.0/0') }} {{ mangle.dest | default('0.0.0.0/0') }} {{ mangle.proto | default('-') }} {{ mangle.dport | default('-') }} {{ mangle.sport | default('-') }} {{ mangle.user | default('-') }} {{ mangle.test | default('-') }} {% endif %}
{% endif %}
{% endfor %}
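Review bot: The header row lists sixteen columns through `switch`, but the entry line stops after `TEST`, so a `length`, `tos`, `connbytes`, `helper`, `headers`, `probability`, `dscp` or `switch` key set on a `shorewall_mangle` item is silently ignored and the rule matches more traffic than its author intended. Either extend the line with the remaining columns, e.g. `{{ mangle.length | default('-') }} {{ mangle.tos | default('-') }}` and so on, or trim the header to the columns the template actually emits. The `default('0.0.0.0/0')` on SOURCE and DEST is also IPv4-only; `default('-')`, as the other new templates use, would carry over unchanged to a `shorewall6_mangle` template.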
......@@ -9,8 +9,6 @@
############################################################################################
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
{% for provider in shorewall_providers %}
{{ provider.name }} {{ provider.number }} {{ provider.mark }} {{ provider.duplicate }} {{ provider.interface }} {{ provider.gateway }} {{ provider.options }} {{ provider.copyinterfaces }}
{{ provider.name }} {{ provider.number }} {{ provider.mark }} {{ provider.duplicate | default('-') }} {{ provider.interface }} {{ provider.gateway }} {{ provider.options }} {{ provider.copy | default('-') }}
{% endfor %}
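Review bot: `provider.copy` on the new line will not read the `copy` key, because Jinja2 tries attribute lookup before item lookup and every dict has a built-in `copy` method; the COPY column then renders the method's repr and `default('-')` never applies. Subscript access falls back to the same attribute when the key is missing, so use `{{ provider.get('copy', '-') }}`, as the sibling templates already do with `.get('when', True)`. The rename from `copyinterfaces` also means existing inventories silently lose their COPY value; `{{ provider.get('copy', provider.get('copyinterfaces', '-')) }}` keeps them working.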
# {{ ansible_managed }}
#
# Shorewall - Routes File
#
# For information about entries in this file, type "man shorewall-routes"
#
#See https://shorewall.org/manpages/shorewall-routes.html for additional information
#
############################################################################################
#PROVIDER DEST GATEWAY DEVICE OPTIONS
{% for routes in shorewall_routes %}
{% if routes.get('when', True) %}
{% if routes.comment is defined %}
# {{ routes.comment }} {% endif %}
{% if routes.dest is defined %}
{{ routes.provider | default('main') }} {{ routes.dest }} {{ routes.gateway | default('-') }} {{ routes.device | default('-') }} {{ routes.options | default('-') }} {% endif %}
{% endif %}
{% endfor %}
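Review bot: `routes.get('when', True)` is tested for plain truthiness, so a `when` that arrives as a non-empty string such as `'false'` or `'no'` (easy to get from a quoted inventory value or an extra-var) still renders the route. Piping it through Ansible's `bool` filter, `{% if routes.get('when', True) | bool %}`, keeps a disabled entry disabled. The same guard appears in the mangle and rtrules templates.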
# {{ ansible_managed }}
#
# Shorewall - rtrules File
#
# For information about entries in this file, type "man shorewall-rtrules"
#
# See https://shorewall.org/manpages/shorewall-rtrules.html for additional information
############################################################################################
#SOURCE DEST PROVIDER PRIORITY MASK
{% for rtrules in shorewall_rtrules %}
{% if rtrules.get('when', True) %}
{% if rtrules.comment is defined %}
# {{ rtrules.comment }} {% endif %}
{% if rtrules.provider is defined %}
{{ rtrules.source | default('-') }} {{ rtrules.dest | default('-') }} {{ rtrules.provider }} {{ rtrules.priority }} {{ rtrules.mask | default('-') }} {% endif %}
{% endif %}
{% endfor %}
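Review bot: `# {{ rtrules.comment }}` only comments out the first line of the value, so a comment written as a YAML block scalar or otherwise containing a newline puts its remaining lines into the rtrules file as live entries. Collapsing newlines first, `# {{ rtrules.comment | replace('\n', ' ') }}`, keeps the whole comment inert. The mangle and routes templates render their comments the same way.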
# {{ ansible_managed }}
#
# Shorewall - tcinterfaces File
#
# For information on the settings in this file, type "man shorewall-tcinterfaces"
#
# The manpage is also online at
# https://shorewall.org/manpages/shorewall-tcinterfaces.html
#
#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
{% for tci in shorewall_tcinterfaces %}
{{ tci.interface }} {{ tci.type | default('-') }} {{ tci.in_bandwidth | default('-') }} {{ tci.out_bandwidth | default('-') }}
{% endfor %}