
port_forwaring: new role!

Role to configure port forwarding in an OpenWRT firewall.
Import this role in any host playbook to open a redirect to the
current host from the host labelled as firewall.

Example:

    - set_fact:
        firewall: 'inventory_name_of_firewall'
    - import_role: name=port_forwarding
      vars:
	name: 'stun'
	proto: 'tcp'
	port: 3478
python3
Zolfa 5 years ago
parent
commit
24aa11226c
Signed by: zolfa GPG Key ID: E1A43B038C4D6616
3 changed files with 34 additions and 0 deletions
  1. +3
    -0
      roles/port_forwarding/defaults/main.yaml
  2. +11
    -0
      roles/port_forwarding/handlers/main.yaml
  3. +20
    -0
      roles/port_forwarding/tasks/main.yaml

+ 3
- 0
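--- a/roles/port_forwarding/defaults/main.yaml
+++ b/roles/port_forwarding/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+firewall: 'vm_gateway'
+...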

+ 11
- 0
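--- a/roles/port_forwarding/handlers/main.yaml
+++ b/roles/port_forwarding/handlers/main.yaml
@@ -0,0 +1,11 @@
+---
+- name: 'uci commit firewall'
+command: 'uci commit firewall'
+delegate_to: '{{ firewall }}'
+- name: 'reload firewall'
+openwrt_init:
+name: 'firewall'
+state: 'reloaded'
+delegate_to: '{{ firewall }}'
+...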
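Review bot: The handlers carry no comment explaining that the values written by the role's `uci` `set` task presumably stay staged on the firewall until 'uci commit firewall' runs. That matters when a play aborts before handlers are flushed, because the pending redirect would then be picked up by whatever commits the firewall config next. I would add `# staged 'uci set' changes only take effect once this handler has run` above the first handler, and mention in the role documentation that a failed run can leave uncommitted changes behind on the delegated host.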

+ 20
- 0
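--- a/roles/port_forwarding/tasks/main.yaml
+++ b/roles/port_forwarding/tasks/main.yaml
@@ -0,0 +1,20 @@
+---
+- name: 'set port redirection rule for {{ rule_name }}'
+uci:
+command: 'set'
+key: 'firewall.{{ item.0 }}'
+value: '{{ item.1 }}'
+loop:
+- [ '{{ rule_name }}', 'redirect' ]
+- [ '{{ rule_name }}.name', 'AnsibleManagedRedirect: {{ rule_name }}' ]
+- [ '{{ rule_name }}.proto', '{{ proto }}' ]
+- [ '{{ rule_name }}.src', 'wan' ]
+- [ '{{ rule_name }}.dest', 'secure' ]
+- [ '{{ rule_name }}.src_dport', '{{ port }}' ]
+- [ '{{ rule_name }}.dest_ip','{{ hostvars | ip_from_inventory(inventory_hostname) }}' ]
+- [ '{{ rule_name }}.dest_port', '{{ int_port | default(port) }}' ]
+delegate_to: '{{ firewall }}'
+notify:
+- 'uci commit firewall'
+- 'reload firewall'
+...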
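Review bot: `rule_name`, `proto` and `port` are templated straight into UCI keys and values on the delegated firewall without validation, and none of them has a default in `defaults/main.yaml`. Since the key is built as `firewall.{{ rule_name }}`, a name containing a dot or equal to an existing section name would write to a different part of the firewall config than a new redirect, so an `assert` task ahead of the loop that restricts `rule_name` to `[A-Za-z0-9_]` and checks `proto` and the port range would fail early (the allowed protocol list below is a suggestion). The example in the commit message passes `name:` while the task reads `rule_name`; one of the two should be aligned. The role only ever sets a redirect from `wan`, so it would help to document that removing a host does not remove its forward.

```yaml
- name: 'validate port forwarding parameters'
  assert:
    that:
      - rule_name is match('^[A-Za-z0-9_]+$')
      - proto in ['tcp', 'udp']
      - (port | int) >= 1 and (port | int) <= 65535
      - (int_port | default(port) | int) >= 1
      - (int_port | default(port) | int) <= 65535
    fail_msg: 'invalid port_forwarding parameters'

# … unchanged: 'set port redirection rule for {{ rule_name }}' task …
```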
