From 34d9ec0a27cdfa0fcd8f1cf00ce520cdda4c1d74 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Mon, 28 Oct 2019 20:38:54 +0100
Subject: [PATCH] add app-specific iptables list

---
 defaults/main.yml | 4 +++-
 tasks/config.yml | 11 +++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index bf293ec..0946b1c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,7 +15,9 @@ iptables_default_tail: |
   -A FORWARD -j REJECT
 
 iptables_custom_rules: []
-iptables_custom_rules_extra: []
+
+iptables_app_rules: []
+iptables_app_rules_extra: []
 
 # @var iptables_keep_unmanaged:description: >
 # By default this role deletes all iptables rules which are not managed by Ansible.
diff --git a/tasks/config.yml b/tasks/config.yml
index d950147..f411e4c 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -12,6 +12,17 @@
     loop_control:
       label: "{{ item.name }}"
 
+  - name: Set applications iptables rules
+    iptables_raw:
+      name: '{{ item.name }}'
+      rules: '{{ item.rules }}'
+      state: '{{ item.state }}'
+      weight: '{{ item.weight | default(omit) }}'
+      table: '{{ item.table | default(omit) }}'
+    loop: '{{ iptables_app_rules + iptables_app_rules_extra }}'
+    loop_control:
+      label: "{{ item.name }}"
+
   - name: Set default iptables head rules
     iptables_raw:
       name: iptables_default_head
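Review bot: The removal of `iptables_custom_rules_extra` from defaults/main.yml is a breaking change that neither the subject line ("add app-specific iptables list") nor the description mentions, and the `-` line being replaced by a bare `+` blank looks like an accidental deletion rather than a rename. Any inventory still setting that variable will either fail the role outright, if the custom-rules task (its body starts outside this hunk) still concatenates it, or have those rules silently skipped — and since the role deletes unmanaged rules by default, firewall entries that were previously applied would then be removed on the next run without any error. Unless the drop is intentional, restore `iptables_custom_rules_extra: []` next to `iptables_custom_rules: []`; if it is intentional, say so in the commit message and keep a deprecation path. The two new lists also lack the `# @var …:description:` comment block that `iptables_keep_unmanaged` carries right below; a short one stating that `iptables_app_rules_extra` exists so a second inventory layer can append rules without overriding `iptables_app_rules` would spare the next reader the guess.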
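Review bot: In the new "Set applications iptables rules" task, `state: '{{ item.state }}'` is the one passthrough without a fallback while `weight` and `table` both get `default(omit)`, so an app rule that omits `state` aborts the play; unless the custom-rules task above (whose body starts outside this hunk) deliberately requires it, `state: '{{ item.state | default("present") }}'` is the more forgiving contract and should match whatever that task does. A second concern is that this task runs after the custom-rules task and `iptables_raw` treats `name` as the identifier of a rule set within a table, so an app rule that reuses a custom rule's name would presumably replace that rule set rather than add to it, silently reshaping the firewall with no failure; an assert before this task makes such a collision loud. The `iptables_raw` mapping is otherwise a verbatim copy of the custom-rules task, so a single task looping over the concatenated lists would avoid the duplication, though separate tasks do read better in play output.

```yaml
  # … unchanged: custom rules task …
  - name: Ensure managed iptables rule names are unique
    vars:
      _iptables_rule_names: >-
        {{ (iptables_custom_rules + iptables_app_rules + iptables_app_rules_extra)
           | map(attribute='name') | list }}
    assert:
      that:
        - _iptables_rule_names | length == _iptables_rule_names | unique | length
      fail_msg: "duplicate rule name across iptables_custom_rules/iptables_app_rules: later entries would overwrite earlier ones in iptables_raw"

  - name: Set applications iptables rules
    # … unchanged: iptables_raw call, loop and loop_control …
```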