ansible-personal/roles/common/tasks
Alan Orth c2a92269e4
roles/common: Add ipsets of abusive IPs to firewalld

This uses the ipsets feature of the Linux kernel to create lists of
IPs (though could be MACs, IP:port, etc.) that we can block via the
existing firewalld zone we are already using. In my testing it works
on CentOS 7, Ubuntu 16.04, and Ubuntu 18.04.

The list of abusive IPs currently comes from HPC's systemd journal,
where I filtered for hosts that had attempted and failed to log in
over 100 times. The list is formatted with tidy, for example:

    $ tidy -xml -iq -m -w 0 roles/common/files/abusers-ipv4.xml

See: https://firewalld.org/2015/12/ipset-support
2019-10-05 12:28:30 +03:00
cron-apt.yml Update with_items loops to use new-ish "loop" keyword 2018-04-02 15:52:51 +03:00
firewall_Debian.yml roles/common: Add ipsets of abusive IPs to firewalld 2019-10-05 12:28:30 +03:00
firewall_Ubuntu.yml roles/common: Add ipsets of abusive IPs to firewalld 2019-10-05 12:28:30 +03:00
main.yml roles/common: Use a persistent systemd journal 2018-12-07 23:46:18 +02:00
ntp.yml roles/common: Update comment in tasks/ntp.yml 2019-07-06 21:16:19 +03:00
packages_Debian.yml roles/common: Remove lzop and lrzip from packages 2019-09-15 13:23:52 +03:00
packages_Ubuntu.yml roles/common: Remove lzop and lrzip from packages 2019-09-15 13:23:52 +03:00
ssh-keys.yml roles/common: Add functionality to copy user keys to provisioning user 2014-10-11 12:13:45 +03:00
sshd.yml Update with_items loops to use new-ish "loop" keyword 2018-04-02 15:52:51 +03:00
tarsnap.yml roles/common: Use experimental Tarsnap on Debian buster 2019-07-19 12:07:27 +03:00