From 8ce56f15e0751870b56805010241dcfe8389b10f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?=
Date: Sat, 17 Dec 2022 21:59:58 +0100
Subject: refactor: remove global __services from roles
---
 roles/pf/defaults/main.yml | 8 ++++++++
 roles/pf/templates/pf.conf.j2 | 5 +++--
 2 files changed, 11 insertions(+), 2 deletions(-)
(limited to 'roles/pf')
diff --git a/roles/pf/defaults/main.yml b/roles/pf/defaults/main.yml
index edba159..29a53f8 100644
--- a/roles/pf/defaults/main.yml
+++ b/roles/pf/defaults/main.yml
@@ -1,5 +1,13 @@
 ---
+pf_rules: null
+# name: ...
+# protocol: ...
+# port: ...
+# name: ...
+# protocol: ...
+# port: ...
+
 pf_configuration_file: /etc/pf.conf
 pf_test_ports:
 - "{{ ansible_port }}"
diff --git a/roles/pf/templates/pf.conf.j2 b/roles/pf/templates/pf.conf.j2
index 1b51fe7..e60b4a6 100644
--- a/roles/pf/templates/pf.conf.j2
+++ b/roles/pf/templates/pf.conf.j2
@@ -11,8 +11,9 @@ block all
 pass in quick on egress proto tcp to port {{ ansible_port }}
 # host services
-{% for service in __services %}
-pass in quick on egress proto {{ service["protocol"] }} to port {{ service["port"] }}
+{% for name, rules in pf_rules.items() %}
+# {{ name }}
+pass in quick on egress proto {{ rules.protocol }} to port {{ rules.port }}
 {% endfor %}
 # wireguard
-- 
cgit v1.2.3
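Review bot: The default `pf_rules: null` in roles/pf/defaults/main.yml does not fit the loop this commit adds in roles/pf/templates/pf.conf.j2, which calls `pf_rules.items()`. On a host that defines no rules the value is None, so rendering will most likely fail instead of producing a pf.conf with an empty host-services section. An empty mapping keeps that case working: `pf_rules: {}`. The commented example would also benefit from one line stating the shape, such as `# mapping: <service name> -> {protocol: ..., port: ...}`, because the nesting is not evident from the placeholder lines as they appear here.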
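Review bot: `rules.protocol` and `rules.port` are written verbatim into a `pass in quick on egress` rule, and nothing in this hunk checks that each `pf_rules` entry is well-formed before it widens what the firewall accepts. The task that renders this template is outside the diff; if it does not already do so, it should reject a bad file before it replaces the live one, for example with `validate: pfctl -nf %s` on the template task. Constraining the protocol in the role would also help, e.g. an `assert` that `rules.protocol in ['tcp', 'udp']`. The new `# {{ name }}` line puts the mapping key into the rendered file as a comment, so keys are presumably expected to be plain single-line identifiers; that is worth saying next to the variable's documentation.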