algo/roles/common/tasks/freebsd.yml

---

- set_fact:
    tools:
      - git
      - subversion
      - screen
      - coreutils
      - openssl
      - bash
      - wget
    sysctl:
      forwarding:
        - net.inet.ip.forwarding
        - net.inet6.ip6.forwarding
  tags:
    - always

- name: Loopback included into the rc config
  blockinfile:
    dest: /etc/rc.conf
    create: yes
    block: |
      cloned_interfaces="lo100"
      ifconfig_lo100="inet {{ local_service_ip }} netmask 255.255.255.255"
      ifconfig_lo100="inet6 FCAA::1/64"
  notify:
    - restart loopback bsd
  tags:
    - always

- name: Enable the gateway features
  lineinfile: dest=/etc/rc.conf regexp='^{{ item.param }}.*' line='{{ item.param }}={{ item.value }}'
  with_items:
    - { param: firewall_enable, value: '"YES"' }
    - { param: firewall_type, value: '"open"' }
    - { param: gateway_enable, value: '"YES"' }
    - { param: natd_enable, value: '"YES"' }
    - { param: natd_interface, value: '"{{ ansible_default_ipv4.device|default() }}"' }
    - { param: natd_flags, value: '"-dynamic -m"' }
  notify:
    - restart ipfw
  tags:
    - always

- name: FreeBSD | Activate IPFW
  shell: >
    kldstat -n ipfw.ko || kldload ipfw ; sysctl net.inet.ip.fw.enable=0 &&
    bash /etc/rc.firewall && sysctl net.inet.ip.fw.enable=1

- meta: flush_handlers
FreeBSD / HardenedBSD (#262) * FreeBSD draft ifconfig fix Pre-tasks fixes fix hardcoded IP some refactoring disable system-based tags disable freebsd tags FreeBSD vpn role add defaults ssh role freebsd default fix dns_adblocking freebsd ubuntu dict fix * HardenedBSD update-users BSD * Rebuild the kernel docs changing 2017-03-18 09:22:07 +00:00			`---`

			`- set_fact:`
			`tools:`
			`- git`
			`- subversion`
			`- screen`
			`- coreutils`
			`- openssl`
			`- bash`
			`- wget`
			`sysctl:`
			`forwarding:`
			`- net.inet.ip.forwarding`
			`- net.inet6.ip6.forwarding`
			`tags:`
			`- always`

			`- name: Loopback included into the rc config`
			`blockinfile:`
			`dest: /etc/rc.conf`
			`create: yes`
			`block: \|`
			`cloned_interfaces="lo100"`
			`ifconfig_lo100="inet {{ local_service_ip }} netmask 255.255.255.255"`
			`ifconfig_lo100="inet6 FCAA::1/64"`
			`notify:`
			`- restart loopback bsd`
			`tags:`
			`- always`

			`- name: Enable the gateway features`
			`lineinfile: dest=/etc/rc.conf regexp='^{{ item.param }}.*' line='{{ item.param }}={{ item.value }}'`
			`with_items:`
			`- { param: firewall_enable, value: '"YES"' }`
			`- { param: firewall_type, value: '"open"' }`
			`- { param: gateway_enable, value: '"YES"' }`
			`- { param: natd_enable, value: '"YES"' }`
			`- { param: natd_interface, value: '"{{ ansible_default_ipv4.device\|default() }}"' }`
			`- { param: natd_flags, value: '"-dynamic -m"' }`
			`notify:`
			`- restart ipfw`
			`tags:`
			`- always`

			`- name: FreeBSD \| Activate IPFW`
			`shell: >`
			`kldstat -n ipfw.ko \|\| kldload ipfw ; sysctl net.inet.ip.fw.enable=0 &&`
			`bash /etc/rc.firewall && sysctl net.inet.ip.fw.enable=1`

			`- meta: flush_handlers`