ansible/roles/router/templates/firewall_config.py


# -*- mode: python; coding: utf-8 -*-
#
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
# Copyright © 2017 Gabriel Détraz
# Copyright © 2017 Goulven Kermarec
# Copyright © 2017 Augustin Lemesle
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
### Give me a role
# Roles this host fulfils; the firewall script that consumes this template is
# expected to enable rule sets per listed role (both are enabled here).
# previously: routeur4 = routeur IPv4
role = [
    "routeur",
    "portail",
]
### Specify each interface role
# Maps a role name to the interfaces that carry it. 'ens23' is listed under
# both 'routable' and 'routable-portail' — presumably the portal rules are
# applied on top of plain routing for that interface; confirm in the
# consuming script before changing either list.
interfaces_type = {
    "routable": ["ens20", "ens21", "ens23"],
    "routable-portail": ["ens23"],
    "sortie": ["ens19"],
    "admin": ["ens18"],
}
### Specify nat settings: name, interfaces with range, and global range for nat
### WARNING : 'interfaces_ip_to_nat' MUST contain /24 ranges, and 'ip_sources' MUST
### contain /16 range
# NOTE: this file is an Ansible/Jinja2 template. The '{{ ... }}' expressions
# (subnet_ids.*, apartment_block_id, inventory_hostname) are substituted at
# deploy time, so the unrendered text is not valid Python on its own — in
# particular the nested quotes inside the 'Filaire' extra_nat key below.
# Each entry carries: 'name' (label), 'interfaces_ip_to_nat' (interface ->
# public /24), 'ip_sources' (private /16 to be translated) and 'extra_nat'
# (private address or prefix -> fixed public address). The 'Accueil' entry
# has no 'interfaces_ip_to_nat' key, so the consumer must tolerate its
# absence — confirm in the firewall script.
nat = [
{
'name' : 'Wifi',
'interfaces_ip_to_nat' : {
'ens19' : '45.66.109.0/24',
},
'ip_sources' : '10.{{ subnet_ids.users_wifi }}.0.0/16',
'extra_nat' : {}
},
{
'name' : 'Filaire',
'interfaces_ip_to_nat' : {
'ens19' : '45.66.108.0/24',
},
'ip_sources' : '10.{{ subnet_ids.users_wired }}.0.0/16',
'extra_nat' : {
# Last octet becomes 140 on hosts whose inventory name contains "backup",
# 240 otherwise; both map to the same fixed public address as the .254 entry.
'10.129.{{ apartment_block_id }}.{{ '1' if "backup" in inventory_hostname else '2' }}40' : '45.66.108.25{{
apartment_block_id }}',
'10.129.{{ apartment_block_id }}.254' : '45.66.108.25{{ apartment_block_id }}'
}
},
{
'name': 'Accueil',
'ip_sources': '10.{{ subnet_ids.users_accueil }}.0.0/16',
# Whole /16 pinned to one public address rather than a per-interface /24.
'extra_nat': {
'10.{{ subnet_ids.users_accueil }}.0.0/16': '45.66.108.25{{ apartment_block_id }}'
},
},
]
# Captive-portal settings.
# 'authorized_hosts': destinations reachable before authentication, keyed by
#   protocol then address, with the allowed ports as strings (no UDP entries).
# 'ip_redirect': source prefix -> protocol -> destination -> ports; here every
#   source (0.0.0.0/0) is redirected to the portal host on 80/443. Presumably
#   the consuming script turns this into DNAT rules — confirm there.
portail = {
    "authorized_hosts": {
        "tcp": {
            "45.66.111.61": ["80", "443"],
            "92.222.211.195": ["80", "443"],
        },
        "udp": {},
    },
    "ip_redirect": {
        "0.0.0.0/0": {
            "tcp": {
                "45.66.111.61": ["80", "443"],
            },
        },
    },
}