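# Firewall role: build the effective iptables configuration from layered
# variables, render it to a rules file and (re)load it.
# The whole block is skipped unless the host or the role actually defines a
# firewall config (see the `when` at the end of the block).
- block:
    # Merge the configuration layers lowest-to-highest precedence:
    #   defaults -> SSH rules -> role config -> collected configs -> host `firewall`.
    # `recursive=true` merges nested mappings; `list_merge='append'` keeps list
    # entries from every layer instead of replacing them. The SSH layer is only
    # dropped when `firewall_use_ssh` is explicitly set to false, so a host keeps
    # its SSH rules by default (guards against locking out the control node).
    - name: set firewall_cfg
      set_fact:
        firewall_cfg: "{{ firewall_default_config | d({}) |
          combine(firewall_ssh_config if (firewall_use_ssh | d(true) == true) else {}, recursive=true, list_merge='append') |
          combine(role_firewall_config | d({}), recursive=true, list_merge='append') |
          combine(firewall_collected_configs | d({}), recursive=true, list_merge='append') |
          combine(firewall | d({}), recursive=true, list_merge='append') }}"

    # Package names: a bare entry applies everywhere, a mapping entry is
    # distro-specific (handled by tasks/install_packages.yml).
    - name: install iptables
      include_tasks: tasks/install_packages.yml
      vars:
        package:
          - iptables
          - alpine: iptables-openrc
          - debian: iptables-persistent

    # Point the OpenRC service at the rules file rendered below.
    # NOTE(review): /etc/conf.d/iptables is an OpenRC path; on Debian hosts
    # (iptables-persistent) it probably does not exist and lineinfile would fail
    # without `create: true` or a distro `when` — confirm against the inventory.
    - name: edit service config
      lineinfile:
        path: /etc/conf.d/iptables
        regexp: '^IPTABLES_SAVE='
        line: 'IPTABLES_SAVE="{{ iptables_file }}"'

    # Render the ruleset; `force: true` overwrites an existing file so the
    # on-disk rules always match `firewall_cfg`. `result.changed` drives the
    # reload below.
    - name: template iptables schema
      template:
        src: iptables.j2
        dest: "{{ iptables_file }}"
        force: true
        lstrip_blocks: true
      register: result

    # Restore the rendered ruleset into the kernel. Running it with `async`
    # and `poll: 0` is what lets iptables_state roll back to the previous rules
    # if the new ones cut the connection (the module requires async for a
    # `restored` state). Only runs when the file changed, so a ruleset that was
    # flushed out-of-band is not re-applied until the template changes.
    - name: load iptables
      community.general.iptables_state:
        path: "{{ iptables_file }}"
        state: restored
      async: "{{ ansible_timeout }}"
      poll: 0
      when: result.changed

    # Make the rules persistent across reboots.
    # NOTE(review): the service is named `iptables` on Alpine/OpenRC; on Debian
    # the persistence unit is different — confirm the name per distro.
    - name: start and enable iptables
      service:
        name: iptables
        enabled: true
        state: started

  when: firewall is mapping or role_firewall_config is mapping or (host_firewall | d(false) == true)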