add app-specific iptables list

2019-10-28 20:38:54 +01:00 · 2019-10-28 20:38:54 +01:00 · 34d9ec0a27
commit 34d9ec0a27
parent 197fad5813
2 changed files with 14 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -15,7 +15,9 @@ iptables_default_tail: |
  -A FORWARD -j REJECT

 iptables_custom_rules: []
-iptables_custom_rules_extra: []
+
+iptables_app_rules: []
+iptables_app_rules_extra: []

 # @var iptables_keep_unmanaged:description: >
 # By default this role deletes all iptables rules which are not managed by Ansible.
--- a/tasks/config.yml
+++ b/tasks/config.yml
@ -12,6 +12,17 @@
      loop_control:
        label: "{{ item.name }}"

+    - name: Set applications iptables rules
+      iptables_raw:
+        name: '{{ item.name }}'
+        rules: '{{ item.rules }}'
+        state: '{{ item.state }}'
+        weight: '{{ item.weight | default(omit) }}'
+        table: '{{ item.table | default(omit) }}'
+      loop: '{{ iptables_app_rules + iptables_app_rules_extra }}'
+      loop_control:
+        label: "{{ item.name }}"
+
    - name: Set default iptables head rules
      iptables_raw:
        name: iptables_default_head