ansible-ferm
Manage iptables firewall using ferm
Inspired by the [Server Side Request Forgery](https://cwe.mitre.org/data/definitions/918.html) security incident described [here](https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/) with [important background on HN](https://news.ycombinator.com/item?id=10079554), I would like to filter access originating and targeting the loopback interface. In order...
As a user of ansible-ferm, I'd like to have an easy way to set up destination-specific firewall rules. Consider the following example: - eth0 (ip `10.0.1.1\24`): used as the management interfaces, SSHd...
Hi, one should be careful when enabling `ferm_mark_portscan` as it also triggers for broadcast and multicast and thus might block legitimate hosts. This is probably only relevant for LAN environments....
Hi, I am using the role in precise/pangolin Ubuntu server. When I try to execute this handler:

```
- name: Reload sysctl
  command: sysctl --system
```

it throws an error, saying the...
These are identical except for the state differing. This can be unified using:

```
state: '{{ "absent" if (item.delete | default(false)) else "present" }}'
```
On Raspbian, the IPv6 kernel module is not loaded by default. One solution would be to probe for IPv6 within the role and adjust ferm_filter_domains. For the record, here is...