local-frontend: Initiall Proof of concept

playbook/local-frontend.yml

+- name: a play that runs entirely on the ansible host
+  hosts: 127.0.0.1
+  connection: local
+
+  roles:
+    - { role: package, package_name: radvd, package_state: present }
+    - { role: package, package_name: dnsmasq, package_state: present }
+
+

playbook/roles/shorewall/files/interfaces

+###############################################################################
+#ZONE   INTERFACE       BROADCAST       OPTIONS
+net     eth0            detect          routeback
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

playbook/roles/shorewall/files/policy

+###############################################################################
+#SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
+$FW             net             ACCEPT
+net             all             ACCEPT
+# The FOLLOWING POLICY MUST BE LAST
+all             all             ACCEPT
+#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

playbook/roles/shorewall/files/zones

+##############################################################################
+#ZONE   TYPE    OPTIONS                 IN                      OUT
+#                                       OPTIONS                 OPTIONS
+fw      firewall
+net     ipv4
+#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

playbook/roles/shorewall/tasks/main.yml

+ - name: Copy files
+   copy: src={{ item }} dest=/etc/shorewall/{{ item }} mode=660
+   with_items:
+     - interfaces
+     - policy
+     - zones
+
+ - name: copy templates
+   template: src={{ item }} dest=/etc/shorewall/{{ item }} mode=660
+   with_items:
+     - masq
+     - rules

playbook/roles/shorewall/templates/masq

+#INTERFACE          SOURCE      ADDRESS          PROTO        PORT
+eth0:{{ local_ipv4 }}   0.0.0.0/0   {{ public_ipv4 }}  tcp          4443
+eth0:{{ local_ipv4 }}   0.0.0.0/0   {{ public_ipv4 }}  tcp          8080

playbook/roles/shorewall/templates/rules

+#############################################################################################################
+#ACTION         SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/
+#                                                       PORT    PORT(S)         DEST            LIMIT           GROUP
+Ping/ACCEPT     net             $FW
+# ssh (the most important thing...)
+ACCEPT          net             $FW             tcp     22
+ACCEPT          net             $FW             tcp     1194
+
+# Access local slapos services
+# slappart16
+DNAT            net            $FW:{{ local_ipv4 }}:4443  tcp   443
+DNAT            net            $FW:{{ local_ipv4 }}:8080  tcp    80

playbook/shorewall-frontend.yml

+- name: a play that runs entirely on the ansible host
+  hosts: 127.0.0.1
+  connection: local
+
+
+  vars_prompt:
+    - name: "local_ipv4"
+      prompt: "IPv4 of apache"
+      private: no
+
+    - name: "public_ipv4"
+      prompt: "IPv4 on eth0"
+      private: no
+
+
+  roles:
+    - shorewall