external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

iptables

Browse source
This commit is contained in:
Jerry Vonau 2017-11-09 06:11:15 -06:00
parent 051808957a
commit 0d5d494514
5 changed files with 3 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

5
roles/network/tasks/iptables.yml → roles/2-common/tasks/iptables.yml
View file

@ -47,10 +47,9 @@
group='root' group='root'
mode={{ item.2 }} mode={{ item.2 }}
with_items: with_items:
- { 0: 'roles/network/templates/gateway/iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' } - { 0: 'iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' }
- { 0: 'roles/network/templates/gateway/check-LAN', 1: '/usr/bin/check-LAN', 2: '0755' }
- name: Install Debian config - name: Install Debian config
template: src=roles/network/templates/gateway/iptables dest=/etc/network/if-pre-up.d/iptables template: src=iptables dest=/etc/network/if-pre-up.d/iptables
mode=0755 mode=0755
when: is_debuntu when: is_debuntu

2
roles/2-common/tasks/main.yml
View file

@ -18,7 +18,7 @@
# the following installs common packages for both debian and fedora # the following installs common packages for both debian and fedora
- include_tasks: packages.yml - include_tasks: packages.yml
- include_tasks: roles/network/tasks/iptables.yml - include_tasks: iptables.yml
- sysctl: name=net.ipv4.ip_forward value=1 state=present - sysctl: name=net.ipv4.ip_forward value=1 state=present
- sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present - sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present

0
roles/network/templates/gateway/iptables → roles/2-common/templates/iptables
View file

0
roles/network/templates/gateway/iptables-config → roles/2-common/templates/iptables-config
View file

61
roles/network/templates/gateway/check-LAN
View file

@ -1,61 +0,0 @@
#!/bin/bash
run_detect(){
logger "check-LAN: running reconfig"
cd /opt/schoolserver/iiab
/opt/schoolserver/iiab/runtags network > /dev/null
logger "check-LAN: completed reconfig"
exit 0
}
exit_clean(){
logger "check-LAN: completed - nothing to do"
exit 0
}
logger "check-LAN: startup"
if [ -f /etc/sysconfig/xs_lan_device ]; then
LAN_DEVICE=`cat /etc/sysconfig/xs_lan_device`
if [ "x$LAN_DEVICE" = "x" ]; then
logger "check-LAN: no lan expected"
exit_clean
else
if [ "$LAN_DEVICE" = "br0" ]; then
SLAVES=`egrep -rn BRIDGE=br0 /etc/sysconfig/network-scripts/ifcfg-* \
| gawk -F'[-:]' '{print $3}'`
SLAVE_COUNT=`egrep -rn BRIDGE=br0 /etc/sysconfig/network-scripts/ifcfg-* \
| wc | awk '{print $1}'`
logger "check-LAN: looking for $SLAVE_COUNT slaves"
while [ "$SLAVE_COUNT" > 1 ]; do
TEST_SLAVE=`brctl show | tail -n $[ $SLAVE_COUNT - 1 ] | awk '{print $1}'`
if [ "x$TEST_SLAVE" = "x" ]; then
logger "check-LAN: blank slave for number $SLAVE_COUNT"
run_detect
else
logger "check-LAN: slave number $SLAVE_COUNT $TEST_SLAVE present"
fi
SLAVE_COUNT="$[ $SLAVE_COUNT - 1 ]"
if [ "$SLAVE_COUNT" = 1 ]; then
TEST_SLAVE=`brctl show | grep br0 | awk '{print $4}'`
if [ "x$TEST_SLAVE" = "x" ]; then
logger "check-LAN: single blank slave for number $SLAVE_COUNT"
run_detect
else
logger "check-LAN: single slave number $SLAVE_COUNT $TEST_SLAVE present"
exit_clean
fi
fi
done
fi
LAN_IF=`ip -o addr | grep 172.18 | awk '{print $2}'`
if [ "$LAN_IF" = "$LAN_DEVICE" ]; then
logger "check-LAN: expected LAN matched $LAN_DEVICE"
exit_clean
fi
fi
else
logger "check-LAN: unconfigured"
exit_clean
fi