~nka/ansible-role-ferm

b167b9d22b75934563f6d3e3b136c6583947b513 — Nicolas KAROLAK 2 months ago 17aecc3
allow to set raw content for a rule
2 files changed, 16 insertions(+), 14 deletions(-)

M tasks/main.yml
A templates/rules.conf.j2
M tasks/main.yml => tasks/main.yml +2 -14
@@ 36,20 36,8 @@
    - forward
  when: lookup('vars', 'ferm_' + item + '_rules') | length > 0
  notify: restart ferm
  copy:
  template:
    dest: /etc/ferm/{{ item }}.d/{{ ferm_rules_filename }}.conf
    content: |
      {% for rule in lookup('vars', 'ferm_' + item + '_rules') %}
      {% if rule.mod | d() %}mod {{ rule.mod }} {% endif %}
      {% if rule.helper | d() %}helper {{ rule.helper }} {% endif %}
      {% if rule.interface | d() %}interface @ipfilter(({{ rule.interface | join(' ') }})) {% endif %}
      {% if rule.outerface | d() %}outerface @ipfilter(({{ rule.outerface | join(' ') }})) {% endif %}
      {% if rule.saddr | d() %}saddr @ipfilter(({{ rule.saddr | join(' ') }})) {% endif %}
      {% if rule.daddr | d() %}daddr @ipfilter(({{ rule.daddr | join(' ') }})) {% endif %}
      {% if rule.proto | d() %}proto ({{ rule.proto | join(' ') }}) {% endif %}
      {% if rule.dport | d() %}dport ({{ rule.dport | join(' ') }}) {% endif %}
      {% if rule.sport | d() %}sport ({{ rule.sport | join(' ') }}) {% endif %}
      {{ rule.policy | d('ACCEPT') | upper }};
      {% endfor %}
    src: rules.conf.j2

...
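Review bot: The new `template:` task writes a firewall rule file under `/etc/ferm/` without pinning ownership or permissions, so the result depends on the remote umask and on whatever mode an existing file already has. Adding `owner: root`, `group: root` and `mode: "0644"` next to `src: rules.conf.j2` would make that explicit. Separately, the unchanged `when:` skips the task when the rule list is empty, so a previously rendered file appears to stay on disk unless a task outside this hunk removes it; this is worth confirming, because stale accept rules would then survive a cleared variable. The task begins above the hunk, so its name and loop are not visible here.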

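--- a/templates/rules.conf.j2
+++ b/templates/rules.conf.j2
@@ -0,0 +1,14 @@
+{% for rule in lookup('vars', 'ferm_' + item + '_rules') %}
+{% if rule.content | d() %}{{ rule.content }};{% else %}
+{% if rule.mod | d() %}mod {{ rule.mod }} {% endif %}
+{% if rule.helper | d() %}helper {{ rule.helper }} {% endif %}
+{% if rule.interface | d() %}interface @ipfilter(({{ rule.interface | join(' ') }})) {% endif %}
+{% if rule.outerface | d() %}outerface @ipfilter(({{ rule.outerface | join(' ') }})) {% endif %}
+{% if rule.saddr | d() %}saddr @ipfilter(({{ rule.saddr | join(' ') }})) {% endif %}
+{% if rule.daddr | d() %}daddr @ipfilter(({{ rule.daddr | join(' ') }})) {% endif %}
+{% if rule.proto | d() %}proto ({{ rule.proto | join(' ') }}) {% endif %}
+{% if rule.dport | d() %}dport ({{ rule.dport | join(' ') }}) {% endif %}
+{% if rule.sport | d() %}sport ({{ rule.sport | join(' ') }}) {% endif %}
+{{ rule.policy | d('ACCEPT') | upper }};
+{% endif %}
+{% endfor %}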
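Review bot: `{{ rule.content }};` on the second line writes the variable into the ferm configuration verbatim, and a rule that sets `content` silently drops every structured key on the same entry, including `policy`, so a mixed entry renders something other than what its author wrote. Because Ansible's template module trims the newline after block tags by default (unless the role overrides `trim_blocks`), the content branch also emits no line break: consecutive raw rules land on one line, and a value ending in a `#` comment would comment out the following rule as well. Ending the branch with a real newline limits that, e.g. `{% if rule.content | d() %}{{ rule.content }};` followed by `{% else %}` on its own line. The role's variable documentation should state that `content` is trusted raw ferm syntax, is mutually exclusive with the other keys, and must not carry its own trailing `;` or comment.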