ansible-personal/roles/common/templates
Alan Orth d7c34a30a3
roles/common: Add Spamhaus DROP lists to firewalld ipsets
This configures the recommended DROP, EDROP, and DROPv6 lists from
Spamhaus as ipsets in firewalld. First we copy an empty placeholder
ipset to seed firewalld, then we use a shell script to download the
real lists and activate them. The same shell script is run daily as
a service (update-spamhaus-lists.service) by a systemd timer.

I am strictly avoiding any direct ipset commands here because I want
to make sure that this works on older hosts where ipsets is used as
well as newer hosts that have moved to nftables such as Ubuntu 20.04.
So far I have tested this on Ubuntu 16.04, 18.04, and 20.04, but
eventually I need to abstract the tasks and run them on CentOS 7+ as
well.

See: https://www.spamhaus.org/drop/
2021-07-21 09:34:51 +03:00
etc roles/common: Remove storage-specific tweaks 2020-07-14 09:10:07 +03:00
public.xml.j2 roles/common: Add Spamhaus DROP lists to firewalld ipsets 2021-07-21 09:34:51 +03:00
rc.local_Ubuntu.j2 roles/common: Remove I/O scheduler logic from rc.local 2015-03-15 17:40:54 +03:00
security.sources.list.j2 roles/common: Update security.sources.list for cron-apt 2019-07-06 21:16:19 +03:00
sources.list.j2 roles/common: Remove buster-backports 2019-10-18 22:56:52 +03:00
sshd_config_Debian-10.j2 roles/common: Increase ssh MaxAuthTries from 3 to 4 2019-09-15 15:17:00 +03:00
sshd_config_Ubuntu-18.04.j2 roles/common: Increase ssh MaxAuthTries from 3 to 4 2019-09-15 15:17:00 +03:00
sshd_config_Ubuntu-20.04.j2 roles/common: Allow adding extra SSH users 2020-12-08 23:15:51 +02:00
sysctl_Debian.j2 roles/common: Add sysctl template for Debian hosts 2015-08-23 00:12:17 +03:00
sysctl_Ubuntu.j2 roles/common: Remove logic for TCP congestion avoidance on early kernels in sysctl 2015-03-15 17:25:33 +03:00
tarsnap_sources.list.j2 roles/common: Use stable tarsnap 2019-09-13 22:14:49 +03:00