ansible-playbooks/roles/iptables/tasks/main.yml
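---
# Assemble the effective firewall rule set, render it to iptables_file and
# apply it. The whole block is skipped unless a firewall configuration is
# actually supplied (firewall / role_firewall_config) or host_firewall is set.
- block:
    - name: set firewall_cfg
      # Layered merge, lowest to highest precedence: role defaults, the SSH
      # allow rules (kept unless firewall_use_ssh is explicitly false, so a
      # ruleset does not silently drop the management path), the role-specific
      # config, the configs collected from other roles and finally the host
      # level `firewall` variable. Mappings merge recursively, lists append.
      # `| bool` instead of `== true` so string values such as "true" coming
      # from extra-vars or the inventory are interpreted as intended.
      set_fact:
        firewall_cfg: >-
          {{ firewall_default_config | d({}) |
          combine(firewall_ssh_config if (firewall_use_ssh | d(true) | bool) else {},
          recursive=true, list_merge='append') |
          combine(role_firewall_config | d({}), recursive=true, list_merge='append') |
          combine(firewall_collected_configs | d({}), recursive=true, list_merge='append') |
          combine(firewall | d({}), recursive=true, list_merge='append') }}

    - name: install iptables
      include_tasks: tasks/install_packages.yml
      vars:
        # Plain entries apply everywhere; the keyed entries are the extra
        # distribution-specific packages resolved by the included task file.
        package:
          - iptables
          - alpine: iptables-openrc
          - debian: iptables-persistent

    - name: edit service config
      # Point the Alpine OpenRC service at the ruleset file rendered below.
      lineinfile:
        path: /etc/conf.d/iptables
        regexp: '^IPTABLES_SAVE='
        line: 'IPTABLES_SAVE="{{ iptables_file }}"'
      when: ansible_distribution == 'Alpine'

    - name: template iptables schema
      template:
        src: iptables.j2
        dest: "{{ iptables_file }}"
        force: true
        lstrip_blocks: true
      register: result

    - name: load iptables
      # `state: restored` together with async + poll 0 enables the module's
      # rollback: if the new ruleset cuts the control connection, the previous
      # ruleset is reinstated instead of leaving the host locked out. The
      # async value reuses the connection timeout (ansible_timeout).
      community.general.iptables_state:
        path: "{{ iptables_file }}"
        state: restored
      async: "{{ ansible_timeout }}"
      poll: 0
      when: result is changed

    - name: start and enable iptables
      service:
        name: iptables
        enabled: true
        state: started
      when: ansible_distribution == 'Alpine'

    - name: start and enable netfilter-persistent
      service:
        name: netfilter-persistent
        enabled: true
        state: started
      when: ansible_distribution in ['Debian', 'Ubuntu']

  when: firewall is mapping or role_firewall_config is mapping or (host_firewall | d(false) | bool)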