diff options
author | binary <me@rgoncalves.se> | 2020-11-08 20:58:16 +0100 |
---|---|---|
committer | binary <me@rgoncalves.se> | 2020-11-08 20:58:16 +0100 |
commit | 94846acc8c39debfa0597ae9e8b17e20dc385dc5 (patch) | |
tree | 5b0188a71c79440bce2bb7ad891f759248fbe630 /roles/pf | |
parent | cd428140eea27e7c02ebb123bd4e4208efeb33be (diff) | |
download | infrastructure-94846acc8c39debfa0597ae9e8b17e20dc385dc5.tar.gz |
Fix bridge skip for vmm
Diffstat (limited to 'roles/pf')
-rw-r--r-- | roles/pf/templates/pf.conf.j2 | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/roles/pf/templates/pf.conf.j2 b/roles/pf/templates/pf.conf.j2 index d39694d..6d67f4f 100644 --- a/roles/pf/templates/pf.conf.j2 +++ b/roles/pf/templates/pf.conf.j2 @@ -1,11 +1,10 @@ {# pf ~~ templates/pf.conf.j2 #} - # pf ~~ /etc/pf.conf -# ========================= # +# * # common config. by Ansible -# ========================= # +# * set block-policy drop set loginterface egress @@ -17,15 +16,22 @@ block all pass in quick on egress proto {{ service["proto"] }} to port {{ service["port"] }} {% endfor %} -# ====================== # +# * # sub-config. by Ansible -# ====================== # +# * + +{% if hypervisor is defined and vms is defined %} +# hypervisor network passthrough +{% for i in range(vms | length + 5) %} +set skip on tap{{ i }} +{% endfor %} +{% endif %} {% include "templates/" + inventory_hostname + "/etc/pf.conf.j2" ignore missing %} -# ========================= # +# * # out. interface by Ansible -# ========================= # +# * pass out quick inet pass in proto { icmp, icmp6 } all |