From 24aa11226cd4f8e70429d13b8894eba6eb52ba3f Mon Sep 17 00:00:00 2001
From: Zolfa
Date: Tue, 28 Apr 2020 21:40:12 +0200
Subject: [PATCH] port_forwaring: new role!
Role to configure port forwarding in a OpenWRT firewall. Import this role in any host playbook to open a redirect to the current host from the host labelled as firewall. Example: - set_fact: firewall: 'inventory_name_of_firewall' - import_role: name=port_forwarding vars: name: 'stun' proto: 'tcp' port: 3478
---
 roles/port_forwarding/defaults/main.yaml | 3 +++
 roles/port_forwarding/handlers/main.yaml | 11 +++++++++++
 roles/port_forwarding/tasks/main.yaml | 20 ++++++++++++++++++++
 3 files changed, 34 insertions(+)
 create mode 100644 roles/port_forwarding/defaults/main.yaml
 create mode 100644 roles/port_forwarding/handlers/main.yaml
 create mode 100644 roles/port_forwarding/tasks/main.yaml
diff --git a/roles/port_forwarding/defaults/main.yaml b/roles/port_forwarding/defaults/main.yaml
new file mode 100644
index 0000000..df99372
--- /dev/null
+++ b/roles/port_forwarding/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+firewall: 'vm_gateway'
+...
diff --git a/roles/port_forwarding/handlers/main.yaml b/roles/port_forwarding/handlers/main.yaml
new file mode 100644
index 0000000..a241d52
--- /dev/null
+++ b/roles/port_forwarding/handlers/main.yaml
@@ -0,0 +1,11 @@
+---
+- name: 'uci commit firewall'
+ command: 'uci commit firewall'
+ delegate_to: '{{ firewall }}'
+
+- name: 'reload firewall'
+ openwrt_init:
+ name: 'firewall'
+ state: 'reloaded'
+ delegate_to: '{{ firewall }}'
+...
diff --git a/roles/port_forwarding/tasks/main.yaml b/roles/port_forwarding/tasks/main.yaml
new file mode 100644
index 0000000..f7f424e
--- /dev/null
+++ b/roles/port_forwarding/tasks/main.yaml
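Review bot: `firewall: 'vm_gateway'` in defaults/main.yaml makes a real inventory host the fallback target of a role whose whole effect is to add an inbound redirect, so a playbook that imports the role without first setting `firewall` (the `set_fact` step in the description) does not fail but quietly opens the port on vm_gateway. Because this variable decides which router gets a new WAN-facing rule, it is safer to leave it out of defaults so an unset `firewall` is an undefined-variable error rather than a change on the wrong device. If the default is kept on purpose, it deserves a comment stating that, e.g. `# fallback router: any host that imports this role without setting 'firewall' gets its redirect created here`.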
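Review bot: The two handlers in handlers/main.yaml depend on their definition order — Ansible runs notified handlers in the order they appear in the handlers file, not the order given under `notify` — so `uci commit firewall` precedes `reload firewall` only because it is listed first, and nothing in the file says so. A comment above the first handler would protect that, e.g. `# Keep the commit handler above the reload handler: handlers run in definition order, and a reload before the commit applies nothing`. Separately, `command: 'uci commit firewall'` reports changed on every run; that is harmless for a handler, but if the `uci` module used in tasks/main.yaml supports a commit command it would be more consistent to use it here — the module is not in this patch, so I cannot tell.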
@@ -0,0 +1,20 @@
+---
+- name: 'set port redirection rule for {{ rule_name }}'
+ uci:
+ command: 'set'
+ key: 'firewall.{{ item.0 }}'
+ value: '{{ item.1 }}'
+ loop:
+ - [ '{{ rule_name }}', 'redirect' ]
+ - [ '{{ rule_name }}.name', 'AnsibleManagedRedirect: {{ rule_name }}' ]
+ - [ '{{ rule_name }}.proto', '{{ proto }}' ]
+ - [ '{{ rule_name }}.src', 'wan' ]
+ - [ '{{ rule_name }}.dest', 'secure' ]
+ - [ '{{ rule_name }}.src_dport', '{{ port }}' ]
+ - [ '{{ rule_name }}.dest_ip','{{ hostvars | ip_from_inventory(inventory_hostname) }}' ]
+ - [ '{{ rule_name }}.dest_port', '{{ int_port | default(port) }}' ]
+ delegate_to: '{{ firewall }}'
+ notify:
+ - 'uci commit firewall'
+ - 'reload firewall'
+...
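Review bot: `rule_name`, `proto`, `port` and `int_port` go straight into `uci set` as `firewall.{{ item.0 }}` keys and values with no check that they are defined or well-formed, and the example in the commit description passes `name: 'stun'` while this task reads `rule_name`, so that example fails on an undefined variable at the first loop item; since each delegated `uci set` stages a change, a failure partway presumably leaves uncommitted edits on the router that the next `uci commit firewall` would apply. An `assert` task ahead of the loop, as below, turns a malformed section name, protocol or port into a controller-side failure before anything is staged; the `proto` allow-list should match what the `uci` module and this OpenWRT build accept, which the patch does not show. The zone names `src: 'wan'` and `dest: 'secure'` are hard-coded, so every host that imports the role gets an inbound redirect from the WAN zone — role defaults such as `src_zone: 'wan'` and `dest_zone: 'secure'`, referenced here, would keep that exposure visible at the call site. The `uci` module and the `ip_from_inventory` filter are not part of this patch, so their behaviour on bad input cannot be judged from here.
```yaml
- name: 'validate port redirection parameters'
  assert:
    that:
      - rule_name is defined
      - rule_name is match('^[A-Za-z0-9_]+$')
      - proto is defined
      - proto in ['tcp', 'udp', 'tcp udp']
      - port | int > 0 and port | int < 65536
      - (int_port | default(port)) | int > 0 and (int_port | default(port)) | int < 65536
    fail_msg: 'port_forwarding: rule_name, proto and port must be set and well-formed'
# … unchanged: 'set port redirection rule' loop, delegate_to, notify …
```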