Add tests for iptables role
parent
c3958894fb
commit
cfa43abcb1
|
@ -11,6 +11,11 @@
|
|||
- tcp dport ssh ct state new limit rate 15/minute accept comment "Accept SSH on port 22 but avoid brute force"
|
||||
- tcp dport { http, https } accept comment "Accept HTTP (ports 80, 443)"
|
||||
- tcp dport { submission, imaps } accept comment "Accept SSMTP and IMAPS"
|
||||
iptables_output_policy: accept
|
||||
iptables_rules:
|
||||
- -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
|
||||
- -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
|
||||
- -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
|
||||
admin_user: administrator
|
||||
admin_password: the_secret_password
|
||||
admin_key_file: ~/.ssh/test/id_rsa.pub
|
||||
|
@ -20,10 +25,12 @@
|
|||
# - ../roles/apt_dist_upgrade
|
||||
- ../roles/common
|
||||
- ../roles/hostname
|
||||
- ../roles/nftables
|
||||
# - ../roles/nftables
|
||||
- ../roles/iptables
|
||||
- ../roles/sshd
|
||||
- ../roles/fail2ban
|
||||
- ../roles/admin
|
||||
# - ../roles/admin
|
||||
# - ../roles/docker
|
||||
# - {role: ../roles/snake_oil_dehydrated, become: true}
|
||||
# - {role: ../roles/mailserver}
|
||||
# - {role: ../roles/weechat}
|
||||
|
@ -41,7 +48,6 @@
|
|||
# - {role: ../roles/generate_ca, become: true}
|
||||
# - {role: ../roles/generate_certificate, become: true}
|
||||
# - {role: ../roles/gitea, become: true}
|
||||
# - ../roles/docker
|
||||
# - ../roles/dokku
|
||||
# The easy ports sequece is just for test. Also don't disable strict IP
|
||||
# filtering on production.
|
||||
|
|
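Review bot: The `iptables_rules` entry for port 22 in the first hunk accepts all TCP traffic to SSH, without the connection-state match and rate limit that the nftables rule just above it has (`ct state new limit rate 15/minute`), so the iptables fixture tests a weaker SSH policy than the one it sits beside. Unless the role adds its own established/related handling and throttling (not visible on this page), consider `- -A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -m limit --limit 15/minute -j ACCEPT`. Only `iptables_output_policy` is set here, so a comment stating the INPUT policy the test expects would let a reader tell whether the three ACCEPT rules are an allow-list over a default drop. Judging by the hunk header counts, the second hunk also comments out `../roles/nftables` and `../roles/admin`, so this playbook stops exercising those roles; a separate playbook per firewall role would keep both covered.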