refactor(security): reworked firewall configuration and added support for DNS, HTTP and ICMP rules; added autoconf for resolv.conf to match FW rules

2024-01-06 00:00:00 +00:00 · 2024-01-06 00:00:00 +00:00 · da45c7c409
commit da45c7c409
parent 3a7440f570
22 changed files with 169 additions and 48 deletions
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/defaults/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/defaults/main.yml
@ -11,23 +11,20 @@ security:
      policy:
        prerouting: accept
        input: accept
-        postrouting: accept
        output: accept
-      additional_rules: ""
+        postrouting: accept
    mangle:
      drop_privatenets: true
      policy:
        prerouting: accept
-        postrouting: accept
        output: accept
        forward: drop
-      additional_rules: ""
+        postrouting: accept
    filter:
      policy:
        input: drop
        output: drop
        forward: drop
-      additional_rules: ""

 custom_security: {}
 recursive_combine: true