ansible

History

Kevin Fenzi ee49c53f08 base / iptables: Adjust iptables on all vpn hosts to drop less secure traffic Most of our vpn hosts are on a 192.168.1.0/24 network. However we have a small number on a 'less secure' 'less trusted' subnet: 192.168.100.0/24. This change adds in logic to: * on log01, allow rsyslog from 192.168.100.x hosts * on ipa servers, allow ipa ports for 192.168.100.x hosts * then reject everything else. This will make sure 192.168.100.x hosts can only hit ssh and the two above items, otherwise all vpn hosts will reject their traffic. This should add a bit of security to having those hosts on the vpn. Signed-off-by: Kevin Fenzi <kevin@scrye.com>		2021-05-04 21:15:05 +00:00
..
files	Move devel servers to elastic IPs, too	2021-01-18 14:58:58 +01:00
handlers	have to ignore errors here because if the unit does not exist systemd will error out	2017-10-12 21:57:44 +00:00
meta	linux system roles: add tag	2021-03-31 11:35:25 -07:00
tasks	Fix tasks/postfix.yaml and roles/basic/tasks/postfix.yaml to match	2021-02-17 19:17:50 -05:00
templates	base / iptables: Adjust iptables on all vpn hosts to drop less secure traffic	2021-05-04 21:15:05 +00:00
README	Move base to a role.	2013-08-25 18:44:54 +00:00

README

This role is the base setup for all our machines. 

If there's something that shouldn't be run on every single 
machine, it should be in another role.