From 94846acc8c39debfa0597ae9e8b17e20dc385dc5 Mon Sep 17 00:00:00 2001 From: binary Date: Sun, 8 Nov 2020 20:58:16 +0100 Subject: Fix bridge skip for vmm --- roles/pf/templates/pf.conf.j2 | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'roles/pf') diff --git a/roles/pf/templates/pf.conf.j2 b/roles/pf/templates/pf.conf.j2 index d39694d..6d67f4f 100644 --- a/roles/pf/templates/pf.conf.j2 +++ b/roles/pf/templates/pf.conf.j2 @@ -1,11 +1,10 @@ {# pf ~~ templates/pf.conf.j2 #} - # pf ~~ /etc/pf.conf -# ========================= # +# * # common config. by Ansible -# ========================= # +# * set block-policy drop set loginterface egress @@ -17,15 +16,22 @@ block all pass in quick on egress proto {{ service["proto"] }} to port {{ service["port"] }} {% endfor %} -# ====================== # +# * # sub-config. by Ansible -# ====================== # +# * + +{% if hypervisor is defined and vms is defined %} +# hypervisor network passthrough +{% for i in range(vms | length + 5) %} +set skip on tap{{ i }} +{% endfor %} +{% endif %} {% include "templates/" + inventory_hostname + "/etc/pf.conf.j2" ignore missing %} -# ========================= # +# * # out. interface by Ansible -# ========================= # +# * pass out quick inet pass in proto { icmp, icmp6 } all -- cgit v1.2.3
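Review bot: `set skip on tap{{ i }}` in the second hunk takes each listed interface out of pf entirely, so the `block all` default above never applies to traffic on those taps, and the `+ 5` in `range(vms | length + 5)` extends that exemption to five tap interfaces that belong to no declared VM. Consider emitting exactly one skip per VM with `{% for i in range(vms | length) %}`, or moving the slack into an explicitly named variable that defaults to zero. A template comment should also state that skipped taps are unfiltered and that the loop assumes VMs are given tap0 upward in order, which cannot be confirmed from this hunk. The guard `hypervisor is defined` only tests that the variable exists, so a host with `hypervisor: false` would still get the skip lines; if it is meant as a boolean, `{% if hypervisor | default(false) and vms is defined %}` expresses that.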