-rw-r--r-- | ansible/roles/router/defaults/main.yml | 1 | ||||
-rw-r--r-- | ansible/roles/router/tasks/main.yml | 4 | ||||
-rw-r--r-- | ansible/roles/router/templates/ferm.conf.j2 (renamed from ansible/roles/router/files/ferm.conf) | 8 |
3 files changed, 10 insertions, 3 deletions
diff --git a/ansible/roles/router/defaults/main.yml b/ansible/roles/router/defaults/main.yml
new file mode 100644
index 0000000..0cb7619
--- /dev/null
+++ b/ansible/roles/router/defaults/main.yml
@@ -0,0 +1 @@
+mac_blacklist: []
diff --git a/ansible/roles/router/tasks/main.yml b/ansible/roles/router/tasks/main.yml
index bd28a11..f4432c4 100644
--- a/ansible/roles/router/tasks/main.yml
+++ b/ansible/roles/router/tasks/main.yml
@@ -2,8 +2,8 @@
 apt: name=ferm
 - name: copy ferm.conf
- copy: >
- src=ferm.conf dest=/etc/ferm/ferm.conf
+ template: >
+ src=ferm.conf.j2 dest=/etc/ferm/ferm.conf
 owner=root group=root mode=0640
 notify: restart ferm
diff --git a/ansible/roles/router/files/ferm.conf b/ansible/roles/router/templates/ferm.conf.j2
index 4cc1a24..adf0248 100644
--- a/ansible/roles/router/files/ferm.conf
+++ b/ansible/roles/router/templates/ferm.conf.j2
@@ -13,7 +13,13 @@
 @def $NET_PRIVATE = 10.0.0.0/16;
 table filter {
- chain INPUT policy ACCEPT;
+ chain INPUT {
+ policy ACCEPT;
+{% for mac in mac_blacklist %}
+ mod mac mac-source {{ mac }} DROP;
+{% endfor %}
+ }
+
 chain OUTPUT policy ACCEPT;
 chain FORWARD policy ACCEPT;
 } |
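Review bot: The switch from `copy` to `template` in the "copy ferm.conf" task writes the rendered firewall config to /etc/ferm/ferm.conf and notifies `restart ferm` without any syntax check, so a rendering that ferm cannot parse is already installed by the time the handler fails. The `template` module's `validate` argument can reject a bad rendering before it replaces the file; adding `validate="ferm --noexec %s"` to the same argument list keeps the previous config in place on error. The task list continues before and after this hunk, so the handler definition is not visible here.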
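Review bot: In the new INPUT block `{{ mac }}` is interpolated unescaped into a ferm rule, so any `mac_blacklist` entry that is not a bare MAC address (whitespace, a `;`, a stray comment) is emitted as ferm syntax rather than as an address and can change the meaning of the rule set; validate the list before templating, for example a looped `assert` with `that: item is match('^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$')` over `mac_blacklist`. The loop is only added to INPUT, which covers traffic addressed to the router itself, while FORWARD keeps `policy ACCEPT` unchanged, so if the intent is to keep the listed hosts from sending traffic through the router the same `{% for %}` block belongs in a FORWARD chain as well. The new default `mac_blacklist: []` in the first hunk carries no description; a comment such as `# source MAC addresses (aa:bb:cc:dd:ee:ff) whose packets to the router are dropped in INPUT` would tell role users the expected format and scope.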