Ansible role to configure OPNsense firewalls.
This is the RLS detached fork of the original from https://github.com/naturalis/ansible-opnsense.
As of Oct 5, 2023 this became the main repository, as the original was removed (see #35).
We would like to thank @rudibroekhuizen and all other contributors from @naturalis for their great work, and we are happy to use their contributions as a base for further development.
- OPNsense firewall with shell access
- python lxml
We try to provide some example variable definitions in the corresponding task and test (test/*.yml) files.
sudo apt install python3-lxml
or
pip install lxml
sudo apt install secure-delete php-cli php-xml # (optional)
php-cli and php-xml are required for the XML re-encoding (recommended! set opn_fix_xml_encoding: true)
secure-delete is required for safely deleting the local XML file.
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
---
- hosts: firewalls
  gather_facts: false
  become: false
  roles:
    - ansible-opnsense
...
Become on play level is not needed for XML changes on localhost, only for tasks to fetch/push config.xml and restart services on OPNsense.
ansible-playbook -D firewalls.yml -l firewall1 -t user,fetch,copy,reload
- https://github.com/Rosa-Luxemburgstiftung-Berlin/ansible-opnsense-facts
- https://github.com/Rosa-Luxemburgstiftung-Berlin/ansible-opnsense-checkmk
- https://github.com/Rosa-Luxemburgstiftung-Berlin/ansible-opnsense-plugpack
- https://github.com/Rosa-Luxemburgstiftung-Berlin/ansible-opnsense-update
- https://github.com/zerwes/opnsense-fail2ban
Apache 2.0
- Rudi Broekhuizen - rudi.broekhuizen@naturalis.nl
- Privazio - hello@privaz.io - https://github.com/privazio
- Foppe Pieters - foppe.pieters@naturalis.nl
- Klaus Zerwes - https://github.com/zerwes
- Jonybat - https://github.com/Jonybat
- fnateghi - https://github.com/fnateghi