Add Ansible playbooks, inventory, and scripts for initial setup

Includes:
- `bootstrap-debian13.yml` for system setup and user configuration
- `firewall-iptables.yml` for IPv4 firewall management
- `run-playbook.sh` and `check.sh` scripts for playbook execution and validation
- `inventory.ini` for host definitions
- Template for iptables rules at `templates/iptables/rules.v4.j2`
- `README.md` with usage instructions
2025-09-19 21:23:07 +02:00
parent 335a22df09
commit 356ca08b26
8 changed files with 426 additions and 0 deletions


@@ -0,0 +1,27 @@
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Always allow loopback
-A INPUT -i lo -j ACCEPT
# Accept already established/related
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Drop invalid early
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Allow TCP ports from vars
{% for p in firewall_tcp_ports | default([]) %}
-A INPUT -p tcp --dport {{ p }} -j ACCEPT
{% endfor %}
# Allow UDP ports from vars
{% for p in firewall_udp_ports | default([]) %}
-A INPUT -p udp --dport {{ p }} -j ACCEPT
{% endfor %}
# add further custom rules below
COMMIT
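Review bot: With `:INPUT DROP` as the policy and both port loops falling back to `default([])`, a host where `firewall_tcp_ports` is unset or omits the SSH port gets a ruleset that accepts no new inbound connections, so the next Ansible run cannot reach it. I would render the management port unconditionally ahead of the TCP loop, e.g. `-A INPUT -p tcp --dport {{ ansible_port | default(22) }} -j ACCEPT`, or have the playbook assert that the list is non-empty before templating. The `{{ p }}` values are written verbatim, so a comment above the loops such as `# firewall_*_ports entries must be integers or iptables port ranges (e.g. 8000:8010)` would document what iptables-restore expects. The template covers IPv4 only; unless another file in this commit sets an ip6tables policy, services listening on IPv6 stay unfiltered.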