port_forwaring: new role!

Role to configure port forwarding in a OpenWRT firewall.
Import this role in any host playbook to open a redirect to the
current host from the host labelled as firewall.

Example:

    - set_fact:
        firewall: 'inventory_name_of_firewall'
    - import_role: name=port_forwarding
      vars:
	name: 'stun'
	proto: 'tcp'
	port: 3478

roles/port_forwarding/defaults/main.yaml

@@ -0,0 +1,3 @@
+---
+firewall: 'vm_gateway'
+...

roles/port_forwarding/handlers/main.yaml

@@ -0,0 +1,11 @@
+---
+- name: 'uci commit firewall'
+  command: 'uci commit firewall'
+  delegate_to: '{{ firewall }}'
+
+- name: 'reload firewall'
+  openwrt_init:
+    name: 'firewall'
+    state: 'reloaded'
+  delegate_to: '{{ firewall }}'
+...

roles/port_forwarding/tasks/main.yaml

@@ -0,0 +1,20 @@
+---
+- name: 'set port redirection rule for {{ rule_name }}'
+  uci:
+    command: 'set'
+    key: 'firewall.{{ item.0 }}'
+    value: '{{ item.1 }}'
+  loop:
+    - [ '{{ rule_name }}', 'redirect' ]
+    - [ '{{ rule_name }}.name', 'AnsibleManagedRedirect: {{ rule_name }}' ]
+    - [ '{{ rule_name }}.proto', '{{ proto }}' ]
+    - [ '{{ rule_name }}.src', 'wan' ]
+    - [ '{{ rule_name }}.dest', 'secure' ]
+    - [ '{{ rule_name }}.src_dport', '{{ port }}' ]
+    - [ '{{ rule_name }}.dest_ip','{{ hostvars | ip_from_inventory(inventory_hostname) }}' ]
+    - [ '{{ rule_name }}.dest_port', '{{ int_port | default(port) }}' ]
+  delegate_to: '{{ firewall }}'
+  notify:
+    - 'uci commit firewall'
+    - 'reload firewall'
+...