debops / ansible-ferm

Manage iptables firewall using ferm
GNU General Public License v3.0

Allow to specify in-interface and out-interface for rules of type 'chain'. #45

Closed ypid closed 9 years ago

ypid commented 9 years ago

Example configuration:

ferm_host_rules:
  - type: 'chain'
    name: 'vpn'
    table: 'nat'
    chain: 'POSTROUTING'
    saddr: [ '192.168.254.0/24' ]
    jump: 'MASQUERADE'
    out_interface: 'eth0'

drybjed commented 9 years ago

Nice idea. Perhaps to keep with the ferm configuration, we could use item.interface and item.outerface instead? It looks like these names are not used by anything else.

I also plan to someday handle lists better, i.e. check if given value is a string or not and act accordingly, but I suppose it can be handled later.

ypid commented 9 years ago

Sure.

About the list. I also thought about that and I think it makes sense when the role can handle lists and strings. I did that now.
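
The following Python example is added here and is not code from this thread or from the role. It renders a 'chain' rule like the one above into a ferm line, accepting either a string or a list for each value and using ferm's `interface` and `outerface` keywords. The function names, the default table and the character allow-list are assumptions.

```python
import re

# Conservative allow-list for values written into the ferm config (an
# assumption of this example, not a rule from ferm or the role). It rejects
# ';', braces, quotes and whitespace, which could alter the generated ruleset.
_SAFE = re.compile(r"[A-Za-z0-9_.:/+\-]+")


def as_list(value):
    """Accept None, a single string, or a list/tuple; always return a list."""
    if value is None:
        return []
    if isinstance(value, str):
        return [value]
    return list(value)


def ferm_value(values):
    """Format the ferm way: a bare word for one value, '(a b)' for several."""
    if not values:
        raise ValueError("empty value for ferm config")
    for v in values:
        if not isinstance(v, str) or not _SAFE.fullmatch(v):
            raise ValueError(f"unsafe value for ferm config: {v!r}")
    return values[0] if len(values) == 1 else "(" + " ".join(values) + ")"


def render_chain_rule(rule):
    """Render one rule dict (keys as discussed in the thread) to a ferm line."""
    # Default table 'filter' is an assumption of this example.
    parts = ["table", ferm_value(as_list(rule.get("table", "filter"))),
             "chain", ferm_value(as_list(rule["chain"]))]
    # 'interface' and 'outerface' are ferm's keywords for iptables -i / -o.
    for key in ("interface", "outerface", "saddr", "daddr"):
        values = as_list(rule.get(key))
        if values:
            parts += [key, ferm_value(values)]
    # The target must be a single string, so wrap it without list handling.
    parts.append(ferm_value([rule["jump"]]))
    return " ".join(parts) + ";"


if __name__ == "__main__":
    # Constructed sample input based on the configuration in the thread.
    print(render_chain_rule({"table": "nat", "chain": "POSTROUTING",
                             "saddr": ["192.168.254.0/24"],
                             "jump": "MASQUERADE", "outerface": "eth0"}))
```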