Skip to content

bearwall-firewall/ansible-bearwall2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
.github
.github
 
 
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
molecule/default
molecule/default
 
 
tasks
tasks
 
 
templates
templates
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
test-requirements.txt
test-requirements.txt
 
 

Repository files navigation

Ansible Role: bearwall2

An ansible role that installs bearwall2 on Debian/Ubuntu.

Role Variables

Available variables are listed below, see defaults/main.yml for default values.

  • For NAT to work properly with bearwall2 a recent version of the linux kernel and nftables is required. Setting the below variables to true will cause the right versions to be installed on Debian Buster. On Ubuntu please use version 20.04+.

    bearwall2_enable_backports: true
bearwall2_backport_kernel_nftables: true

  • Bearwall2 rulesets can be defined by adding them to bearwall2_rulesets:

    bearwall2_rulesets:
  - name: martians
    policies: |
      policy_log ip saddr {192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12} reject
      policy_log ip daddr {192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12} reject

  • Bearwall2 classes can be defined by adding them to bearwall2_classes:

    bearwall2_classes:
  - name: internal
    policies: |
      policy inout accept
      policy forward accept
    if_features:
      disable_ipv6: 0
      autoconf: 1
      rp_filter: 1
      accept_redirects: 1
      accept_source_route: 1
      bootp_relay: 0
      accept_ra: 0
      forwarding: 1
      log_martians: 0
      send_redirects: 1

  • Bearwall2 options (/etc/bearwall2/bearwall2.conf) can be defined by adding them to bearwall2_options:

    bearwall2_options:
    logging: "nflog"
    conntrack: "stateful"
    missing: "withhold"
    rollback_delay: "30"

  • Bearwall2 interfaces can be defined by adding them to bearwall2_interfaces. An interface can be defined in two different ways.

    1. By inheriting from a class:

      bearwall2_interfaces:
  - name: eth0
    class: internal
  - name: eth1
    class: external

    2. By defining a custom set of policies for that interface:

      bearwall2_interfaces:
  - name: eth0
    policies: |
      policy inout accept
    if_features:
      disable_ipv6: 0
      autoconf: 0
      rp_filter: 1
      accept_redirects: 0
      accept_source_route: 0
      bootp_relay: 0
      accept_ra: 0
      forwarding: 0
      log_martians: 0
      send_redirects: 0

Installation

This role can either be installed manually with the ansible-galaxy CLI tool:

ansible-galaxy install git+https://github.com/bearwall-firewall/ansible-bearwall2,master,bearwall2

Or, by adding the following to requirements.yml:

- name: bearwall2
  src: https://github.com/bearwall-firewall/ansible-bearwall2

Roles listed in requirements.yml can be installed with the following ansible-galaxy command:

ansible-galaxy install -r requirements.yml

About

Ansible role for installing bearwall2

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages