|
|
@ -9,8 +9,8 @@
|
|
|
|
interface_in: foo
|
|
|
|
interface_in: foo
|
|
|
|
interface_out: bar
|
|
|
|
interface_out: bar
|
|
|
|
proto: tcp
|
|
|
|
proto: tcp
|
|
|
|
from_ip: 1.1.1.1
|
|
|
|
from_ip: 10.1.1.1
|
|
|
|
to_ip: 8.8.8.8
|
|
|
|
to_ip: 10.8.8.8
|
|
|
|
from_port: 1111
|
|
|
|
from_port: 1111
|
|
|
|
to_port: 2222
|
|
|
|
to_port: 2222
|
|
|
|
|
|
|
|
|
|
|
@ -20,7 +20,7 @@
|
|
|
|
route: yes
|
|
|
|
route: yes
|
|
|
|
interface_in: foo
|
|
|
|
interface_in: foo
|
|
|
|
proto: tcp
|
|
|
|
proto: tcp
|
|
|
|
from_ip: 1.1.1.1
|
|
|
|
from_ip: 10.1.1.1
|
|
|
|
from_port: 1111
|
|
|
|
from_port: 1111
|
|
|
|
|
|
|
|
|
|
|
|
- name: Route with interface out
|
|
|
|
- name: Route with interface out
|
|
|
@ -29,7 +29,7 @@
|
|
|
|
route: yes
|
|
|
|
route: yes
|
|
|
|
interface_out: bar
|
|
|
|
interface_out: bar
|
|
|
|
proto: tcp
|
|
|
|
proto: tcp
|
|
|
|
from_ip: 1.1.1.1
|
|
|
|
from_ip: 10.1.1.1
|
|
|
|
from_port: 1111
|
|
|
|
from_port: 1111
|
|
|
|
|
|
|
|
|
|
|
|
- name: Non-route with interface in
|
|
|
|
- name: Non-route with interface in
|
|
|
@ -37,7 +37,7 @@
|
|
|
|
rule: allow
|
|
|
|
rule: allow
|
|
|
|
interface_in: foo
|
|
|
|
interface_in: foo
|
|
|
|
proto: tcp
|
|
|
|
proto: tcp
|
|
|
|
from_ip: 1.1.1.1
|
|
|
|
from_ip: 10.1.1.1
|
|
|
|
from_port: 3333
|
|
|
|
from_port: 3333
|
|
|
|
|
|
|
|
|
|
|
|
- name: Non-route with interface out
|
|
|
|
- name: Non-route with interface out
|
|
|
@ -45,7 +45,7 @@
|
|
|
|
rule: allow
|
|
|
|
rule: allow
|
|
|
|
interface_out: bar
|
|
|
|
interface_out: bar
|
|
|
|
proto: tcp
|
|
|
|
proto: tcp
|
|
|
|
from_ip: 1.1.1.1
|
|
|
|
from_ip: 10.1.1.1
|
|
|
|
from_port: 4444
|
|
|
|
from_port: 4444
|
|
|
|
|
|
|
|
|
|
|
|
- name: Check result
|
|
|
|
- name: Check result
|
|
|
@ -54,11 +54,11 @@
|
|
|
|
|
|
|
|
|
|
|
|
- assert:
|
|
|
|
- assert:
|
|
|
|
that:
|
|
|
|
that:
|
|
|
|
- '"8.8.8.8 2222/tcp on bar ALLOW FWD 1.1.1.1 1111/tcp on foo " in stdout'
|
|
|
|
- '"10.8.8.8 2222/tcp on bar ALLOW FWD 10.1.1.1 1111/tcp on foo " in stdout'
|
|
|
|
- '"Anywhere ALLOW FWD 1.1.1.1 1111/tcp on foo " in stdout'
|
|
|
|
- '"Anywhere ALLOW FWD 10.1.1.1 1111/tcp on foo " in stdout'
|
|
|
|
- '"Anywhere on bar ALLOW FWD 1.1.1.1 1111/tcp " in stdout'
|
|
|
|
- '"Anywhere on bar ALLOW FWD 10.1.1.1 1111/tcp " in stdout'
|
|
|
|
- '"Anywhere on foo ALLOW 1.1.1.1 3333/tcp " in stdout'
|
|
|
|
- '"Anywhere on foo ALLOW 10.1.1.1 3333/tcp " in stdout'
|
|
|
|
- '"Anywhere ALLOW OUT 1.1.1.1 4444/tcp on bar " in stdout'
|
|
|
|
- '"Anywhere ALLOW OUT 10.1.1.1 4444/tcp on bar " in stdout'
|
|
|
|
vars:
|
|
|
|
vars:
|
|
|
|
stdout: '{{ ufw_status.stdout_lines }}'
|
|
|
|
stdout: '{{ ufw_status.stdout_lines }}'
|
|
|
|
|
|
|
|
|
|
|
@ -68,9 +68,9 @@
|
|
|
|
interface_in: foo
|
|
|
|
interface_in: foo
|
|
|
|
interface_out: bar
|
|
|
|
interface_out: bar
|
|
|
|
proto: tcp
|
|
|
|
proto: tcp
|
|
|
|
from_ip: 1.1.1.1
|
|
|
|
from_ip: 10.1.1.1
|
|
|
|
from_port: 1111
|
|
|
|
from_port: 1111
|
|
|
|
to_ip: 8.8.8.8
|
|
|
|
to_ip: 10.8.8.8
|
|
|
|
to_port: 2222
|
|
|
|
to_port: 2222
|
|
|
|
ignore_errors: yes
|
|
|
|
ignore_errors: yes
|
|
|
|
register: ufw_non_route_iface
|
|
|
|
register: ufw_non_route_iface
|
|
|
|
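Review bot: The new `from_ip: 10.1.1.1` and `to_ip: 10.8.8.8` values, used in every hunk here, are RFC 1918 private addresses, so these allow and route rules can match address space that is actually in use on a CI runner or internal network. The RFC 5737 documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) are reserved for exactly this kind of fixture, for example `from_ip: 192.0.2.1` and `to_ip: 198.51.100.8`. The expected strings under `Check result` would need the same substitution. No cleanup of the inserted rules is visible in these hunks, so if a run aborts before any reset, a leftover rule for a documentation address is harmless, whereas one for a 10.x address may not be.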