ansible/roles/re2o-firewall-routeur/templates/re2o-services/firewall/firewall_config.py.j2


# -*- mode: python; coding: utf-8 -*-
{{ ansible_header | comment }}
# Role(s) assigned to this firewall host.
# NOTE(review): presumably each name is matched against a settings dict of the
# same name in this file (here `portail`) -- confirm against the firewall
# script that loads this config.
role = [
    'portail',
]
# Network interfaces grouped by the function each one has on this router.
# Keys are the group names, values are lists of interface names.
# NOTE(review): the interface names are fixed literals in this template; they
# have to match the target host's real interface naming, otherwise rules may
# end up bound to the wrong interface -- verify per host.
interfaces_type = {
    'routable': ['ens20', 'ens21'],
    'sortie': ['ens18'],
    'admin': ['ens19'],
}
# Settings for the 'portail' role.
#
# Layout, as far as this file shows:
#   'autorized_hosts' -> protocol ('tcp' / 'udp') -> address -> list of ports
#   'ip_redirect'     -> subnet -> protocol -> address -> list of ports
# Ports are strings; 'A:B' looks like an inclusive port range -- TODO confirm
# the syntax the consuming firewall script expects.
# NOTE(review): the key is spelled 'autorized_hosts' (sic). It is kept as-is
# because the consumer presumably looks it up under this exact name.
portail = {
    'autorized_hosts': {
        'tcp': {
            '138.231.136.12': ['22'],
            # NOTE(review): 20/21 (FTP), 80, 111 (portmapper) plus the whole
            # 1024:65535 range effectively allows nearly all TCP to this
            # host; narrow the range if the service's ports can be pinned.
            '138.231.136.98': ['20', '21', '80', '111', '1024:65535'],
            '138.231.136.145': ['80', '443'],
            '213.154.225.236': ['80', '443'],
            '213.154.225.237': ['80', '443'],
            # NOTE(review): the entries below pin individual addresses of an
            # external provider. Such addresses are not stable, so this list
            # needs periodic review or it drifts into allowing whoever holds
            # the address next.
            '172.217.18.197': ['80', '443'],  # Gmail addresses
            '108.177.15.83': ['80', '443'],
            '108.177.15.18': ['80', '443'],
            '108.177.15.17': ['80', '443'],
            '108.177.15.19': ['80', '443'],
            '172.217.18.205': ['80', '443'],  # Google accounts
            '172.217.18.195': ['80', '443'],
            '46.255.53.35': ['80', '443'],
            '46.255.53.17': ['80', '443'],
            # NOTE(review): any address is allowed on the mail ports 143
            # (IMAP), 220 (IMAP3) and 993 (IMAPS). 143 is cleartext unless
            # the client upgrades with STARTTLS, and an any-destination rule
            # is an open egress path for these ports -- confirm both are
            # intended.
            '0.0.0.0/0': ['143', '220', '993'],
        },
        'udp': {
            # 69 is the well-known TFTP port; the high range mirrors the TCP
            # entry for the same host.
            '138.231.136.98': ['69', '1024:65535'],
        },
    },
    # NOTE(review): presumably web traffic (80/443) coming from these two
    # subnets is redirected to 138.231.136.145 -- confirm the direction and
    # semantics against the firewall script.
    'ip_redirect': {
        '10.51.0.0/16': {
            'tcp': {
                '138.231.136.145': ['80', '443'],
            },
        },
        '10.52.0.0/16': {
            'tcp': {
                '138.231.136.145': ['80', '443'],
            },
        },
    },
}