Import firewall role from network repo
Move, actually.
parent
88061d97b2
commit
754c3da31f
21 changed files with 801 additions and 1 deletions
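--- a/roles/firewall/templates/firewall.intf.j2
+++ b/roles/firewall/templates/firewall.intf.j2
@@ -0,0 +1,16 @@
+# disable IP forwarding on management interfaces
+{% for iface in interfaces | map(attribute="name") | select("match", "^mgmt[0-9]+") %}
+iface {{ iface }}
+pre-up sysctl -w net.ipv4.conf.$IFACE.forwarding=0
+pre-up sysctl -w net.ipv6.conf.$IFACE.forwarding=0
+
+{% endfor -%}
+
+# create VLANs 2 and 4 on firewal—exit links for inside and outside traffic
+{% for iface in interfaces | map(attribute="name") | select("match", "^lan")
+| product([2, 4])
+| map("join", ".") %}
+auto {{ iface }}
+iface {{ iface }}
+
+{% endfor %}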
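Review bot: The `pre-up sysctl -w net.ipv6.conf.$IFACE.forwarding=0` line in the first loop probably does not keep IPv6 traffic from being forwarded through the mgmt interfaces. The kernel's ip-sysctl documentation says IPv6 forwarding is switched globally by `net.ipv6.conf.all.forwarding`, and that netfilter must be used to control which interfaces may forward; the per-interface key mainly selects host or router behaviour. If the role's ruleset (not visible in this section) does not already drop forwarded packets on `mgmt*`, that rule should be added there, and the template comment reworded to `# disable IPv4 forwarding on management interfaces; IPv6 forwarding is blocked in the firewall ruleset`. Separately, the `match` test anchors only at the start, so `^mgmt[0-9]+` also accepts a dotted subinterface name, which sysctl would split at the dot; `^mgmt[0-9]+$` avoids that.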