add app-specific iptables list
Some checks failed
continuous-integration/drone/push Build is failing
parent
197fad5813
commit
34d9ec0a27
@ -15,7 +15,9 @@ iptables_default_tail: |
|
|||||||
-A FORWARD -j REJECT
|
-A FORWARD -j REJECT
|
||||||
|
|
||||||
iptables_custom_rules: []
|
iptables_custom_rules: []
|
||||||
iptables_custom_rules_extra: []
|
|
||||||
|
iptables_app_rules: []
|
||||||
|
iptables_app_rules_extra: []
|
||||||
|
|
||||||
# @var iptables_keep_unmanaged:description: >
|
# @var iptables_keep_unmanaged:description: >
|
||||||
# By default this role deletes all iptables rules which are not managed by Ansible.
|
# By default this role deletes all iptables rules which are not managed by Ansible.
|
||||||
|
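Review bot: The new defaults `iptables_app_rules` and `iptables_app_rules_extra` are added without the `# @var …:description: >` annotation that `iptables_keep_unmanaged` carries just below, so the expected item shape of a firewall rule list is undocumented. I would add above each one a line such as `# @var iptables_app_rules:description: >` followed by `# List of per-application rule sets; each item needs name, rules and state, and may set weight and table.` Separately, in this rendering `iptables_custom_rules_extra: []` shows up on one side only. If that line was really dropped, any task that still concatenates it will fail on an undefined variable, so please confirm it is still defined.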
@ -12,6 +12,17 @@
|
|||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.name }}"
|
label: "{{ item.name }}"
|
||||||
|
|
||||||
|
- name: Set applications iptables rules
|
||||||
|
iptables_raw:
|
||||||
|
name: '{{ item.name }}'
|
||||||
|
rules: '{{ item.rules }}'
|
||||||
|
state: '{{ item.state }}'
|
||||||
|
weight: '{{ item.weight | default(omit) }}'
|
||||||
|
table: '{{ item.table | default(omit) }}'
|
||||||
|
loop: '{{ iptables_app_rules + iptables_app_rules_extra }}'
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.name }}"
|
||||||
|
|
||||||
- name: Set default iptables head rules
|
- name: Set default iptables head rules
|
||||||
iptables_raw:
|
iptables_raw:
|
||||||
name: iptables_default_head
|
name: iptables_default_head
|
||||||
|
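Review bot: `state: '{{ item.state }}'` in the new "Set applications iptables rules" task has no fallback, so an application entry that omits `state` aborts the firewall play with an undefined-variable error, possibly after earlier rule sets were already applied; `state: '{{ item.state | default("present") }}'` would match how `weight` and `table` are handled, assuming "present" is the intended default. Because `weight` falls back to the module default, where these rules land relative to the head rules and the `-A FORWARD -j REJECT` tail depends on weights set in tasks outside this hunk; a short comment stating the intended ordering would help, since an app rule sorted after the tail never matches. iptables_raw appears to key rule sets by `name`, so an app entry that reuses a name from `iptables_custom_rules` would likely replace it silently, which argues for a name-prefix convention or an assert on uniqueness. The preceding task and the head-rules task both extend beyond the hunk.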