more flexible iptables handling
All checks were successful
continuous-integration/drone/push Build is passing
parent
a3cc643adf
commit
f62f155237
@ -11,7 +11,19 @@ cups_listen_address: print.example.org
|
|||||||
|
|
||||||
cups_log_level: warn
|
cups_log_level: warn
|
||||||
cups_server_admin: admin@example.com
|
cups_server_admin: admin@example.com
|
||||||
|
|
||||||
cups_iptables_enabled: False
|
cups_iptables_enabled: False
|
||||||
|
cups_open_ports:
|
||||||
|
- name: allow_cups_ipp
|
||||||
|
rules: |
|
||||||
|
-A INPUT -m state --state NEW -p tcp --dport 631 -j ACCEPT
|
||||||
|
-A OUTPUT -m state --state NEW -p tcp --dport 631 -j ACCEPT
|
||||||
|
state: present
|
||||||
|
- name: allow_cups_dnssd
|
||||||
|
rules: |
|
||||||
|
-A OUTPUT -m state --state NEW -p tcp --dport 5353 -j ACCEPT
|
||||||
|
-A OUTPUT -m state --state NEW -p udp --dport 5353 -j ACCEPT
|
||||||
|
state: present
|
||||||
|
|
||||||
cups_tls_cert_source: mycert.pem
|
cups_tls_cert_source: mycert.pem
|
||||||
cups_tls_key_source: mykey.pem
|
cups_tls_key_source: mykey.pem
|
||||||
|
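Review bot: The `allow_cups_ipp` entry accepts NEW tcp/631 on INPUT from any source address, so enabling `cups_iptables_enabled` with these values exposes the print service to every network the host can be reached from. Where printing is limited to known networks, the rule would be better written with a source match, e.g. `-A INPUT -s <trusted-subnet> -m state --state NEW -p tcp --dport 631 -j ACCEPT` (placeholder subnet), or at least carry a comment such as `# restrict with -s <trusted-subnet> unless the server must be reachable from anywhere`. The previous task derived the port from `cups_nginx_proxy_url`, whereas 631 is now a literal here, so a proxy listening on another port would no longer be matched by the firewall rule; a short comment saying the two must be kept in sync would help. Whether this file is the role's defaults or only an example is not visible from the page.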
@ -30,9 +30,14 @@
|
|||||||
|
|
||||||
- name: Open ports in iptables
|
- name: Open ports in iptables
|
||||||
iptables_raw:
|
iptables_raw:
|
||||||
name: allow_cups
|
name: "{{ item.name }}"
|
||||||
state: present
|
rules: "{{ item.rules }}"
|
||||||
rules: '-A INPUT -m state --state NEW -p tcp --dport {{ cups_nginx_proxy_url.split(":")[1] }} -j ACCEPT'
|
state: "{{ item.state }}"
|
||||||
|
weight: "{{ item.weight | default(omit) }}"
|
||||||
|
table: "{{ item.table | default(omit) }}"
|
||||||
|
loop: "{{ cups_open_ports }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.name }}"
|
||||||
when: cups_iptables_enabled
|
when: cups_iptables_enabled
|
||||||
become: True
|
become: True
|
||||||
become_user: root
|
become_user: root
|
||||||
|
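Review bot: `state: "{{ item.state }}"` has no fallback while `weight` and `table` both use `default(omit)`, so an entry in `cups_open_ports` that leaves out `state` will presumably fail the task on an undefined variable; `state: "{{ item.state | default('present') }}"` keeps the old behaviour for such entries. If `cups_open_ports` is not guaranteed to be defined by the role defaults (not visible here), `loop: "{{ cups_open_ports | default([]) }}"` avoids a templating error on hosts where the firewall step is disabled. Because `item.rules` is handed to `iptables_raw` verbatim under `become_user: root`, a comment above the task along the lines of `# cups_open_ports must come from trusted inventory only; rules are applied as written` would document that trust assumption.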