author | Ivan Dolgov <ivan@qvarnlabs.com> | 2017-02-14 18:33:09 +0200 |
committer | Ivan Dolgov <ivan@qvarnlabs.com> | 2017-02-14 18:33:09 +0200 |
commit | e83e795130b65306218fc22c5b09ed2ae75fd382 (patch) | |
tree | c7b6ff62019f5680fe10c5bde39a8fdb0a63d18c | |
parent | aa85519a59979f7783da986af858b840190dfa99 (diff) | |
download | minipc-router-e83e795130b65306218fc22c5b09ed2ae75fd382.tar.gz |
Add MAC blacklisting
-rw-r--r-- | ansible/roles/router/defaults/main.yml | 1 | ||||
-rw-r--r-- | ansible/roles/router/tasks/main.yml | 4 | ||||
-rw-r--r-- | ansible/roles/router/templates/ferm.conf.j2 (renamed from ansible/roles/router/files/ferm.conf) | 8 |
3 files changed, 10 insertions, 3 deletions
diff --git a/ansible/roles/router/defaults/main.yml b/ansible/roles/router/defaults/main.yml
new file mode 100644
index 0000000..0cb7619
--- /dev/null
+++ b/ansible/roles/router/defaults/main.yml
@@ -0,0 +1 @@
+mac_blacklist: []
diff --git a/ansible/roles/router/tasks/main.yml b/ansible/roles/router/tasks/main.yml
index bd28a11..f4432c4 100644
--- a/ansible/roles/router/tasks/main.yml
+++ b/ansible/roles/router/tasks/main.yml
@@ -2,8 +2,8 @@
 apt: name=ferm
 - name: copy ferm.conf
- copy: >
- src=ferm.conf dest=/etc/ferm/ferm.conf
+ template: >
+ src=ferm.conf.j2 dest=/etc/ferm/ferm.conf
 owner=root group=root mode=0640
 notify: restart ferm
diff --git a/ansible/roles/router/files/ferm.conf b/ansible/roles/router/templates/ferm.conf.j2
index 4cc1a24..adf0248 100644
--- a/ansible/roles/router/files/ferm.conf
+++ b/ansible/roles/router/templates/ferm.conf.j2
@@ -13,7 +13,13 @@
 @def $NET_PRIVATE = 10.0.0.0/16;
 table filter {
- chain INPUT policy ACCEPT;
+ chain INPUT {
+ policy ACCEPT;
+{% for mac in mac_blacklist %}
+ mod mac mac-source {{ mac }} DROP;
+{% endfor %}
+ }
+
 chain OUTPUT policy ACCEPT;
 chain FORWARD policy ACCEPT;
 }
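Review bot: The new `template:` task renders user-supplied `mac_blacklist` values into ferm.conf and then triggers `notify: restart ferm` with no validation step, so a malformed inventory entry takes the firewall service down at restart instead of failing the play. The `template` module supports `validate`; adding `validate="ferm -n %s"` to the task arguments (ferm's no-exec parse mode) rejects a broken rendering before it replaces /etc/ferm/ferm.conf. The surrounding play and the `restart ferm` handler are outside this hunk.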
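Review bot: The blacklist loop is applied only inside the new `chain INPUT { … }` block while `chain FORWARD policy ACCEPT;` is left as is, so on a router role a listed MAC is stopped from reaching the router itself but its traffic is still forwarded through it; if the intent is to cut the device off, the same loop is needed in FORWARD (worth confirming which behaviour was meant). Note that `mac-source` only matches frames that arrive directly on the router's own interface, so hosts behind a further hop are not covered by either chain. `{{ mac }}` is also inserted unescaped, so a malformed value breaks the ferm syntax rather than being rejected; a pre-check in the role's tasks such as `assert` with `item is match('^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$')` looped over `mac_blacklist` keeps bad data out of the template. A FORWARD block mirroring the INPUT one would look like the excerpt below.
```jinja
    chain INPUT {
{# … unchanged: policy and blacklist loop … #}
    }

    chain OUTPUT policy ACCEPT;
    chain FORWARD {
        policy ACCEPT;
{% for mac in mac_blacklist %}
        mod mac mac-source {{ mac }} DROP;
{% endfor %}
    }
```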