gregandev/rpi-ansible
1
0
Fork 0
mirror of https://github.com/ruanbekker/rpi-ansible.git synced 2025-04-20 01:11:38 +02:00
Code Issues Projects Releases Wiki Activity

don't log igmp; drop multicast silently

Browse Source
This commit is contained in:
Glenn K. Lockwood 2019-07-20 18:25:06 -07:00
parent 6d7c298731
commit b7f53d8555
2 changed files with 30 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -10,9 +10,11 @@ is running on the same Raspberry Pi to be configured.
## Bootstrapping on Raspbian ## Bootstrapping on Raspbian
You will need ansible installed on the Raspberry Pi being configured. You will need ansible installed on the Raspberry Pi being configured. This
playbook relies on Ansible 2.8 or newer, which means you can no longer use
`sudo apt-get install ansible`. Instead, you must
$ sudo apt-get install ansible $ sudo pip install ansible
## Configuration ## Configuration

27
roles/common/tasks/main.yml
View File

@ -92,18 +92,43 @@
port: ssh port: ssh
proto: tcp proto: tcp
log: yes log: yes
tags:
- ufw
- name: allow mDNS through UFW
ufw:
rule: allow
to_ip: 224.0.0.251
proto: igmp
log: no
tags:
- ufw
- name: drop multicast without logging
ufw:
rule: deny
to_ip: 224.0.0.1
log: no
tags:
- ufw
- name: set default incoming UFW policy to deny - name: set default incoming UFW policy to deny
ufw: ufw:
direction: incoming direction: incoming
policy: deny policy: deny
tags:
- ufw
- name: set default outgoing UFW policy to deny - name: set default outgoing UFW policy to allow
ufw: ufw:
direction: outgoing direction: outgoing
policy: allow policy: allow
tags:
- ufw
- name: enable UFW - name: enable UFW
ufw: ufw:
state: enabled state: enabled
logging: yes logging: yes
tags:
- ufw