Unverified Commit fa448348 authored by Mike Green's avatar Mike Green
Browse files

Default rule includes used SSH port rather than hard-coded 'ssh'

parent 179828da
---
# Defaults file for Myatu.shorewall
shorewall_include_ssh_rule: True
shorewall_conf: {}
shorewall6_conf: {}
......@@ -69,7 +71,7 @@ shorewall_rules:
- section: NEW
rules:
- { action: "Invalid(DROP)", source: net, dest: "$FW", proto: tcp }
- { action: ACCEPT, source: net, dest: "$FW", proto: tcp, dest_port: ssh }
- { action: ACCEPT, source: net, dest: "$FW", proto: tcp, dest_port: "{{ ansible_ssh_port | default('ssh', True) }}" }
- { action: ACCEPT, source: net, dest: "$FW", proto: icmp, dest_port: echo-request }
shorewall6_rules:
......@@ -86,7 +88,7 @@ shorewall6_rules:
- section: NEW
rules:
- { action: "Invalid(DROP)", source: net, dest: "$FW", proto: tcp }
- { action: ACCEPT, source: net, dest: "$FW", proto: tcp, dest_port: ssh }
- { action: ACCEPT, source: net, dest: "$FW", proto: tcp, dest_port: "{{ ansible_ssh_port | default('ssh', True) }}" }
- { action: ACCEPT, source: net, dest: "$FW", proto: ipv6-icmp, dest_port: echo-request }
shorewall_zones:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment