more flexible iptables handling
parent
a3cc643adf
commit
f62f155237
@ -11,7 +11,19 @@ cups_listen_address: print.example.org
|
||||
|
||||
cups_log_level: warn
|
||||
cups_server_admin: admin@example.com
|
||||
|
||||
cups_iptables_enabled: False
|
||||
cups_open_ports:
|
||||
- name: allow_cups_ipp
|
||||
rules: |
|
||||
-A INPUT -m state --state NEW -p tcp --dport 631 -j ACCEPT
|
||||
-A OUTPUT -m state --state NEW -p tcp --dport 631 -j ACCEPT
|
||||
state: present
|
||||
- name: allow_cups_dnssd
|
||||
rules: |
|
||||
-A OUTPUT -m state --state NEW -p tcp --dport 5353 -j ACCEPT
|
||||
-A OUTPUT -m state --state NEW -p udp --dport 5353 -j ACCEPT
|
||||
state: present
|
||||
|
||||
cups_tls_cert_source: mycert.pem
|
||||
cups_tls_key_source: mykey.pem
|
||||
|
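Review bot: The `allow_cups_ipp` entry accepts new TCP connections to port 631 from any source address, and the sample gives no hint that the rule can be narrowed. These strings appear to be passed to iptables unchanged by the task further down, so a comment above the rule would help, for example `# add -s <trusted-subnet-placeholder> to limit which clients can reach CUPS`. The `allow_cups_dnssd` entry opens 5353 over both TCP and UDP; mDNS normally runs over UDP only, so the TCP line is probably unnecessary and worth confirming. As a style point, `cups_iptables_enabled: False` reads better as lowercase `false`.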
@ -30,9 +30,14 @@
|
||||
|
||||
- name: Open ports in iptables
|
||||
iptables_raw:
|
||||
name: allow_cups
|
||||
state: present
|
||||
rules: '-A INPUT -m state --state NEW -p tcp --dport {{ cups_nginx_proxy_url.split(":")[1] }} -j ACCEPT'
|
||||
name: "{{ item.name }}"
|
||||
rules: "{{ item.rules }}"
|
||||
state: "{{ item.state }}"
|
||||
weight: "{{ item.weight | default(omit) }}"
|
||||
table: "{{ item.table | default(omit) }}"
|
||||
loop: "{{ cups_open_ports }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
when: cups_iptables_enabled
|
||||
become: True
|
||||
become_user: root
|
||||
|
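Review bot: `state: "{{ item.state }}"` has no fallback, unlike `weight` and `table`, so a `cups_open_ports` entry that omits `state` will fail the task with an undefined-variable error; `state: "{{ item.state | default('present') }}"` would keep the earlier fixed behaviour. Assuming the `rules:` line that uses `cups_nginx_proxy_url.split(":")[1]` is the removed side, the opened port is no longer derived from the proxy URL, so the list has to be kept in sync with it by hand; a short comment above `loop:` saying so would prevent a silent mismatch. Depending on the Ansible version, `when: cups_iptables_enabled` can treat a string such as "False" passed via extra vars as true, so `when: cups_iptables_enabled | bool` is the safer form.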