ansible-ferm

Destination specific rules

Open StephanErb opened this issue 9 years ago • 2 comments

As a user of ansible-ferm, I'd like to have an easy way to set up destination-specific firewall rules.

Consider the following example:

  • eth0 (ip 10.0.1.1/24): used as the management interface, SSHd binds here
  • eth1 (ip 10.0.2.1/24): used for running services such as HTTP, ...

I would like to set up rules that are specific to a given destination IP. For example, eth0 should only accept SSH traffic but nothing else.

StephanErb, Sep 14 '15 11:09

Good idea, probably adding an item.interface option to dport_accept and other INPUT rules should be sufficient to make this possible. I plan to move them in the near future to the new directory-based config structure, then I'll probably add that option in the templates (and update the old ones as well). If you want, you can post a PR for adding this in the current ones.

drybjed, Sep 14 '15 11:09

Thanks for the quick response. That feature is very nice to have, but not a real blocker for me. I can wait for your upcoming reorganization.

StephanErb, Sep 14 '15 11:09
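For reference, the policy requested in the issue written directly as ferm rules. This is an added example, not output of the ansible-ferm role or code from the thread; it uses the interface names and addresses from the issue, and the HTTP/HTTPS ports on eth1 are an assumption standing in for "services such as HTTP".

```ferm
# Added example: hand-written ferm rules, not generated by ansible-ferm.
domain ip {
    table filter {
        chain INPUT {
            # Anything not explicitly accepted below is dropped.
            policy DROP;

            # Replies to connections this host already tracks.
            mod state state (ESTABLISHED RELATED) ACCEPT;
            interface lo ACCEPT;

            # Management side: SSH only, and only to the management address.
            # Matching on interface AND daddr matters because Linux will
            # otherwise answer for 10.0.1.1 on packets arriving via eth1.
            interface eth0 daddr 10.0.1.1 proto tcp dport ssh ACCEPT;

            # Service side: web traffic only (assumed ports), no SSH.
            interface eth1 daddr 10.0.2.1 proto tcp dport (http https) ACCEPT;
        }
    }
}
```

With these rules, an SSH connection attempt to 10.0.2.1 on eth1, or an HTTP request to 10.0.1.1 on eth0, matches no ACCEPT rule and falls through to the DROP policy.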