ansible/xoxys.iptables
1
0
Fork 0
Code Issues Pull Requests Releases Activity

initial commit

Browse Source
This commit is contained in:
Robert Kaussow 2017-05-18 00:54:43 +02:00
parent d0883a71e6
commit 1d60f5641b
7 changed files with 81 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
defaults/main.yml Normal file
View File

@ -0,0 +1,31 @@
---
# Default head (allow) rules
iptables_default_head: |
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Default tail (deny) rules
iptables_default_tail: |
-A INPUT -j REJECT
-A FORWARD -j REJECT
iptables_custom_rules: []
# Example:
# iptables_custom_rules:
# - name: open_port_12345 # 'iptables_custom_rules_' will be prepended to this
# rules: '-A INPUT -p tcp --dport 12345 -j ACCEPT'
# state: present
# weight: 40
# ipversion: 4
# table: filter
#
# NOTE: 'name', 'rules' and 'state' are required, others are optional.
# By default this role deletes all iptables rules which are not managed by Ansible.
# Set this to 'yes', if you want the role to keep unmanaged rules.
iptables_keep_unmanaged: no

9
handlers/main.yml Normal file
View File

@ -0,0 +1,9 @@
---
- name: restart iptables
shell: sleep 2 && systemctl restart iptables
async: 1
poll: 0
ignore_errors: true
listen:
- "iptables_restart"

25
tasks/config.yml Normal file
View File

@ -0,0 +1,25 @@
---
- name: enable iptables service
service:
name: iptables
enabled: yes
state: started
- name: Set custom iptables rules
iptables_raw:
name: 'iptables_custom_rules_{{ item.name }}'
rules: '{{ item.rules }}'
state: '{{ item.state }}'
weight: '{{ item.weight|default(omit) }}'
table: '{{ item.table|default(omit) }}'
with_items: '{{ iptables_custom_rules }}'
tags: iptables
- name: Set default iptables head rules
iptables_raw:
name: iptables_default_head
weight: 10
keep_unmanaged: '{{ iptables_keep_unmanaged }}'
state: present
rules: '{{ iptables_default_head }}'
tags: iptables

6
tasks/install.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: installing iptables
package:
name: '{{ iptables_package }}'
state: latest

4
tasks/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
- include_vars: 'os_{{ ansible_os_family }}.yml'
- include: install.yml
- include: config.yml

3
vars/os_Debian.yml Normal file
View File

@ -0,0 +1,3 @@
---
iptables_package: iptables

3
vars/os_RedHat.yml Normal file
View File

@ -0,0 +1,3 @@
---
iptables_package: iptables-services