#!/usr/bin/env ansible-playbook
---
# Firewall policy for infra-1.back.infra.auro.re, applied through the
# `firewall` role. Everything the role consumes is passed as play-level
# vars prefixed `firewall__` (zones, input/output/forward rule lists, NAT).
- hosts:
    - infra-1.back.infra.auro.re

  vars:
    # Named address groups. Each concrete zone pairs one IPv6 /64 with one
    # IPv4 /16 (plus a public /24 for `ext`); `infra` aggregates zones by
    # name, and `internet` is a negated prefix list (see below).
    firewall__zones:
      adm-legacy:
        addrs:
          - 2a09:6840:128::/64
          - 10.128.0.0/16
      ups:
        addrs:
          - 2a09:6840:201::/64
          - 10.201.0.0/16
      back:
        addrs:
          - 2a09:6840:203::/64
          - 10.203.0.0/16
      monit:
        addrs:
          - 2a09:6840:204::/64
          - 10.204.0.0/16
      wifi:
        addrs:
          - 2a09:6840:205::/64
          - 10.205.0.0/16
      int:
        addrs:
          - 2a09:6840:206::/64
          - 10.206.0.0/16
      sw:
        addrs:
          - 2a09:6840:207::/64
          - 10.207.0.0/16
      bmc:
        addrs:
          - 2a09:6840:208::/64
          - 10.208.0.0/16
      pve:
        addrs:
          - 2a09:6840:209::/64
          - 10.209.0.0/16
      isp:
        addrs:
          - 2a09:6840:210::/64
          - 10.210.0.0/16
      ext:
        addrs:
          - 2a09:6840:211::/64
          - 45.66.111.0/24
          - 10.211.0.0/16
      vpn-clients:
        addrs:
          - 2a09:6840:212::/64
          - 10.212.0.0/16
      vpn:
        addrs:
          - 2a09:6840:213::/64
          - 10.213.0.0/16

      # Aggregate of the internal zones. `vpn-clients` is deliberately
      # listed nowhere here, so it is only ever matched explicitly by rule.
      infra:
        zones:
          - adm-legacy
          - ups
          - back
          - monit
          - wifi
          - int
          - sw
          - bmc
          - pve
          - isp
          - ext
          - vpn

      # `negate: true` presumably makes this zone match every address NOT
      # in the list (own allocations, 10/8 and CGNAT 100.64/10) — confirm
      # against the role. NOTE(review): 172.16/12 and 192.168/16 are not
      # excluded and would therefore count as "internet"; verify intended.
      internet:
        negate: true
        addrs:
          - 2a09:6840::/32
          - 2a09:6841::/32
          - 2a09:6842::/32
          - 45.66.108.0/22
          - 10.0.0.0/8
          - 100.64.0.0/10

    # Host-local chains: a single unconditional accept on each.
    # NOTE(review): this leaves the host's own input chain fully open;
    # whether the role applies a stricter default elsewhere is not visible
    # from this file — confirm before relying on it.
    firewall__input:
      - verdict: accept
    firewall__output:
      - verdict: accept

    # Transit policy between zones. A rule with no `src` (last entry)
    # matches traffic from any source.
    firewall__forward:
      # Remote VPN users reach every internal zone.
      - src: vpn-clients
        dst: infra
        verdict: accept
      # Unrestricted egress from all internal zones to the internet.
      - src: infra  # FIXME: temporary
        dst: internet
        verdict: accept
      # Monitoring may only ping the out-of-band management network.
      - src: monit
        dst: bmc
        protocols:
          icmp: true
        verdict: accept
      # Legacy admin network has full access to BMCs.
      - src: adm-legacy
        dst: bmc
        verdict: accept
      # Single service exposed from anywhere: UDP/5121 to one dual-stack host.
      - dst:
          - 2a09:6840:211::204
          - 45.66.111.204
        protocols:
          udp:
            dport: 5121
        verdict: accept

    # Source NAT for internal → internet traffic behind one public address.
    # `protocols: null` is explicit; presumably "all protocols" — confirm.
    firewall__nat:
      - src: infra
        dst: internet
        protocols: null
        snat:
          addr: 45.66.111.200/32

  roles:
    - firewall
...