author | Romain Gonçalves <me@rgoncalves.se> | 2021-04-17 19:18:51 +0200 |
---|---|---|
committer | Romain Gonçalves <me@rgoncalves.se> | 2021-04-17 19:18:51 +0200 |
commit | 83c079eb80e91e710307a11e63eaeffe3d6b9f59 (patch) | |
tree | 1a18420409677b74d4a1848ae65beade766ce29f /roles/pf/templates | |
parent | 7e53b549e4962ff0387e155adcfc307d16ff1277 (diff) | |
download | infrastructure-83c079eb80e91e710307a11e63eaeffe3d6b9f59.tar.gz |
pf: Use macros
Diffstat (limited to 'roles/pf/templates')
-rw-r--r-- | roles/pf/templates/pf.conf.j2 | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/roles/pf/templates/pf.conf.j2 b/roles/pf/templates/pf.conf.j2 index 0d2429f..154098e 100644 --- a/roles/pf/templates/pf.conf.j2 +++ b/roles/pf/templates/pf.conf.j2 @@ -1,5 +1,5 @@ +{% import 'macros.j2' as macros with context %} -{# pf ~~ templates/pf.conf.j2 #} # pf ~~ /etc/pf.conf # managed by Ansible @@ -15,16 +15,13 @@ pass in quick on egress proto {{ service["proto"] }} to port {{ service["port"] {% endfor %} # redirection -{% for h in groups["all"] %} -{% set h = hostvars[h] %} -{##} +{% call(h) macros.loop_valid_hosts("servers") %} {% if h.services is defined %} {% for service in h.services if h.ansible_host != global.dcontroller and service.public is defined and service.public %} pass in on egress proto {{ service.proto }} from any to any port {{ service.port }} rdr-to {{ h.ip.in }} {% endfor %} {% endif %} -{##} -{% endfor %} +{% endcall %} {# {% if hypervisor is defined and vms is defined %} @@ -42,4 +39,3 @@ pass out quick on egress inet from (tun0:network) nat-to (egress:0) # output network pass out quick inet pass in proto { icmp, icmp6 } all - |
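Review bot: The redirection loop in the second hunk now takes its hosts from `macros.loop_valid_hosts("servers")`, but the macro is not part of this diff (the diffstat is limited to roles/pf/templates), so which hosts count as "valid" cannot be checked here. That selection decides which internal hosts get an Internet-facing `rdr-to` rule. Compared with the removed `groups["all"]` loop, a host outside `servers` that declares a `public` service presumably loses its redirect with no error at render time. State the narrowing where the rules are generated, e.g. `{# only hosts in "servers" accepted by macros.loop_valid_hosts get rdr-to rules; see macros.j2 #}` above the `call` line. Because `service.proto`, `service.port` and `h.ip.in` are still written into the rule unchecked, confirm that the task deploying this template validates the rendered file with `pfctl -nf` before it replaces /etc/pf.conf, and diff the rendered ruleset before and after this commit.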