-rw-r--r--ansible/roles/router/defaults/main.yml1
-rw-r--r--ansible/roles/router/tasks/main.yml4
-rw-r--r--ansible/roles/router/templates/ferm.conf.j2 (renamed from ansible/roles/router/files/ferm.conf)8
3 files changed, 10 insertions, 3 deletions
diff --git a/ansible/roles/router/defaults/main.yml b/ansible/roles/router/defaults/main.yml
new file mode 100644
index 0000000..0cb7619
--- /dev/null
+++ b/ansible/roles/router/defaults/main.yml
@@ -0,0 +1 @@
+mac_blacklist: []
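Review bot: The new `mac_blacklist` default carries no comment describing what an entry looks like, and its only consumer is the ferm template, where each entry is spliced verbatim into `mod mac mac-source {{ mac }} DROP;`. A malformed entry is presumably noticed only when ferm parses the rendered file, at which point the whole ruleset fails to load rather than just that rule. Suggest a comment above the key: `# MAC addresses (aa:bb:cc:dd:ee:ff) whose inbound traffic the router drops; rendered into /etc/ferm/ferm.conf`.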
diff --git a/ansible/roles/router/tasks/main.yml b/ansible/roles/router/tasks/main.yml
index bd28a11..f4432c4 100644
--- a/ansible/roles/router/tasks/main.yml
+++ b/ansible/roles/router/tasks/main.yml
@@ -2,8 +2,8 @@
apt: name=ferm
- name: copy ferm.conf
- copy: >
- src=ferm.conf dest=/etc/ferm/ferm.conf
+ template: >
+ src=ferm.conf.j2 dest=/etc/ferm/ferm.conf
owner=root group=root mode=0640
notify: restart ferm
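Review bot: The rendered firewall config is written straight to `/etc/ferm/ferm.conf` with no `validate:` step, so a bad `mac_blacklist` entry installs a broken ruleset and is only caught when the `restart ferm` handler fails, leaving the router without its intended rules. The template module's `validate` parameter checks the rendered file before it replaces the live one; ferm's `--noexec` mode can serve as that check if it is available on the target (confirm against the installed version). The task name on what appears to be the unchanged context line `- name: copy ferm.conf` is also stale now that the task templates rather than copies, and the `key=value` folded string is the pre-block-YAML argument style; native YAML keys are the Ansible convention and let `mode` be a quoted string. The preceding `apt` task starts outside the hunk.
```yaml
- name: render ferm.conf
  template:
    src: ferm.conf.j2
    dest: /etc/ferm/ferm.conf
    owner: root
    group: root
    mode: "0640"
    validate: "ferm --noexec %s"
  notify: restart ferm
```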
diff --git a/ansible/roles/router/files/ferm.conf b/ansible/roles/router/templates/ferm.conf.j2
index 4cc1a24..adf0248 100644
--- a/ansible/roles/router/files/ferm.conf
+++ b/ansible/roles/router/templates/ferm.conf.j2
@@ -13,7 +13,13 @@
@def $NET_PRIVATE = 10.0.0.0/16;
table filter {
- chain INPUT policy ACCEPT;
+ chain INPUT {
+ policy ACCEPT;
+{% for mac in mac_blacklist %}
+ mod mac mac-source {{ mac }} DROP;
+{% endfor %}
+ }
+
chain OUTPUT policy ACCEPT;
chain FORWARD policy ACCEPT;
}
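Review bot: The blacklist loop is added only to `chain INPUT`, while `chain FORWARD policy ACCEPT;` is left unchanged, so a listed MAC is still free to send traffic through the router to other networks; only packets addressed to the router itself are dropped. If the intent is to cut a device off from the network rather than from the router, the same loop belongs in FORWARD as well. A short comment in the template should also record that `mod mac` matches the source address on the ingress segment only and is not a strong identity check, so this is a convenience control rather than a security boundary. The `table filter` block opens and closes within the hunk.
```jinja
    chain FORWARD {
        policy ACCEPT;
{% for mac in mac_blacklist %}
        mod mac mac-source {{ mac }} DROP;
{% endfor %}
    }
```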