feat: Initial Project 🎉

defaults/main.yml

@@ -0,0 +1,96 @@
+---
+# csf/defaults/main.yml
+
+csf_tmp_dir: "/usr/src"
+
+csf_required_packages:
+  - iptables
+  - perl
+  - unzip
+  - tar
+  - net-tools
+
+csf_global_ini_core:
+  - option: TESTING
+    value: "0"
+  - option: AUTO_UPDATES
+    value: "1"
+  - option: PORTS_sshd
+    value: "{{ hostvars[inventory_hostname]['ansible_port'] | default('22') }}"
+
+csf_global_ini:
+  - option: RESTRICT_UI
+    value: "2"
+  - option: RESTRICT_SYSLOG
+    value: "2"
+  - option: URLGET
+    value: "2"
+  - option: USE_CONNTRACK
+    value: "1"
+  - option: TCP_IN
+    value: "80,443,{{ hostvars[inventory_hostname]['ansible_port'] | default('22') }},30000:65535"
+  - option: TCP_OUT
+    value: "20,21,22,25,37,43,53,80,123,443,873,953,8080,9418,{{ hostvars[inventory_hostname]['ansible_port'] | default('22') }},30000:65535"
+  - option: UDP_IN
+    value: "53"
+  - option: UDP_OUT
+    value: "20,21,43,53,113,123,58745,30000:65535"
+
+#csf_allow:
+#  - 10.10.10.10
+#  - 172.16.1.1/29
+
+#csf_ignore:
+#  - 10.10.10.10
+#  - 172.16.1.1/29
+
+#csf_pignore:
+#  - 'exe:/usr/sbin/nginx'
+#  - 'user:mysql'
+
+#csf_fignore:
+#  - '/tmp/\.horde'
+#  - '/tmp/\.horde/.*'
+
+#csf_blocklists:
+#  - "SPAMDROP"
+
+#csf_dyndns:
+#  - "no-ip.com"
+
+#csf_csfpre_sh: |
+#  #!/bin/bash
+#  /sbin/iptables -t nat -F POSTROUTING
+
+#csf_csfpost_sh: |
+#  #!/bin/bash
+#  /sbin/iptables -t nat -F POSTROUTING
+
+# Host based custom allow rules
+#csf_allow_host: 
+#  - 'tcp|in|d=22|s=1.1.1.1'
+
+#csf_ignore_host: 
+#  - '1.1.1.1'
+
+#csf_pignore_host:
+#  - 'exe:/usr/sbin/nginx'
+#  - 'user:mysql'
+
+#csf_fignore_host:
+#  - '/tmp/\.horde'
+#  - '/tmp/\.horde/.*'
+
+#csf_blocklists_host:
+#  - "SPAMDROP"
+
+#csf_dyndns_host:
+#  - "no-ip.com"
+
+#csf_csfpre_sh_host: |
+#  #!/bin/bash
+#  /sbin/iptables -t nat -F POSTROUTING
+
+#csf_csfpost_sh_host: |
+#  #!/bin/bash
+#  /sbin/iptables -t nat -F POSTROUTING