add app-specific iptables list
Some checks failed
continuous-integration/drone/push Build is failing

This commit is contained in:
Robert Kaussow 2019-10-28 20:38:54 +01:00
parent 197fad5813
commit 34d9ec0a27
2 changed files with 14 additions and 1 deletions

View File

@ -15,7 +15,9 @@ iptables_default_tail: |
-A FORWARD -j REJECT
iptables_custom_rules: []
iptables_custom_rules_extra: []
iptables_app_rules: []
iptables_app_rules_extra: []
# @var iptables_keep_unmanaged:description: >
# By default this role deletes all iptables rules which are not managed by Ansible.

View File

@ -12,6 +12,17 @@
loop_control:
label: "{{ item.name }}"
- name: Set applications iptables rules
iptables_raw:
name: '{{ item.name }}'
rules: '{{ item.rules }}'
state: '{{ item.state }}'
weight: '{{ item.weight | default(omit) }}'
table: '{{ item.table | default(omit) }}'
loop: '{{ iptables_app_rules + iptables_app_rules_extra }}'
loop_control:
label: "{{ item.name }}"
- name: Set default iptables head rules
iptables_raw:
name: iptables_default_head