Merge branch 'master' into fetlab

templates/interfaces_ariane.j2

@@ -0,0 +1,19 @@
+# {{ ansible_managed }}
+
+source /etc/network/interfaces.d/*
+
+auto lo
+iface lo inet loopback
+
+allow-hotplug enp8s0
+iface enp8s0 inet dhcp
+
+auto br0
+iface br0 inet dhcp
+    bridge_ports enp9s0
+    bridge_fd 0
+    bridge_maxwait 0
+
+dns-nameservers 192.168.86.1
+#dns-nameservers 192.168.86.1 10.0.3.1
+#dns-nameserver 10.0.3.1

templates/iptables_progress_v4.j2

@@ -0,0 +1,18 @@
+# {{ ansible_managed }}
+
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p udp -m udp -s {{ printer_ip }}/32 --dport 137 -j ACCEPT
+-A INPUT -p udp -m udp -s {{ printer_ip }}/32 --dport 138 -j ACCEPT
+-A INPUT -m state --state NEW -m tcp -p tcp -s {{ printer_ip }}/32 --dport 139 -j ACCEPT
+-A INPUT -m state --state NEW -m tcp -p tcp -s {{ printer_ip }}/32 --dport 445 -j ACCEPT
+-A INPUT -p tcp -j REJECT --reject-with tcp-reset
+-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -j REJECT --reject-with icmp-proto-unreachable
+COMMIT

templates/iptables_progress_v6.j2

@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -p tcp --syn -j DROP
+-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+COMMIT