Firewalls across multiple Linux Distros
54 views
Skip to first unread message
Matthew Macdonald-Wallace
Apr 21, 2015, 1:24:43 AM4/21/15
to ansible...@googlegroups.com
Hi all,
I'm working on a set of roles for my organisation and part of the work is configuring a "secure" base system.
I want to be able to set some "sensible" defaults on a firewall and then have other roles open them up based on criteria from group_vars or similar.
Given that Ansible does not have a way of constructing a hash from across multiple roles and that these roles must work on RHEL, CentOS, Debian and Ubuntu, what is the best way to provision a firewall?
I have read https://groups.google.com/forum/#!searchin/ansible-project/firewall/ansible-project/dNgBYktNaBY/AEK0_Uiu0UoJ and https://groups.google.com/forum/#!searchin/ansible-project/firewall/ansible-project/rkavS1H6AtA/ZIfhXrSRKTQJ - both of which indicate that "ferm" is the way to go (although the wiki link that "shows you how to do this" appears to be offline at the moment) however I come from a Chef background so I'm really looking for something that works in the same way as https://github.com/opscode-cookbooks/firewall if possible.
The way that the Chef cookbook works is that you specify a firewall rule and it then works out whether it should be using UFW, Firewalld or some other format and applies that to the underlying system. At the moment, the only way I can see of setting firewall rules "officially" in Ansible is to use the ufw module in tasks/debian.yml and the firewalld module in tasks/rhel.yml and then include those files in main.yml based on the OS that I detect.
Does anyone have a "smart" way of doing this?
Thanks in advance,
Matt
Yassen Damyanov
Apr 23, 2015, 3:38:00 PM4/23/15
to ansible...@googlegroups.com
This link works for me ATM:
http://wiki.gema-soft.de/doku.php?id=it-administration:tools:ansible:ferm
Why not give it a try? (Haven't tried it myself).
I am new to ansible but I also know how chef works and AFAIK, with ansible you have to provide different sub-task sets for different distros; for example, using "apt" or "yum" modules for package management, depending on the distro. This seems like a disadvantage but it allows for fine-tuning any such module to fully use underlying features and options. For example, there's the openbsd_pkg which operates with a package set quite different from both yum and apt.
(Not very helpful, but my 2 cents)
Y.
http://wiki.gema-soft.de/doku.php?id=it-administration:tools:ansible:ferm
Why not give it a try? (Haven't tried it myself).
I am new to ansible but I also know how chef works and AFAIK, with ansible you have to provide different sub-task sets for different distros; for example, using "apt" or "yum" modules for package management, depending on the distro. This seems like a disadvantage but it allows for fine-tuning any such module to fully use underlying features and options. For example, there's the openbsd_pkg which operates with a package set quite different from both yum and apt.
(Not very helpful, but my 2 cents)
Y.
Reply all
Reply to author
Forward
0 new messages