add iptables task
This commit is contained in:
parent
d00768f623
commit
c292a7ffe8
@ -3,6 +3,17 @@ ldap_proxy_urls:
|
||||
- "ldapi:/// ldap:///"
|
||||
ldap_proxy_options: []
|
||||
|
||||
ldap_proxy_iptables_enabled: False
|
||||
ldap_proxy_open_ports:
|
||||
- name: allow_ldap_out
|
||||
rules: |
|
||||
-A OUTPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT
|
||||
state: present
|
||||
- name: allow_ldap_in
|
||||
rules: |
|
||||
-A INPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT
|
||||
state: present
|
||||
|
||||
# You can deploy your certificates from a file or from content.
|
||||
# If you enable ldap_proxy_tls_source_use_content you have to put the content of your cert files into
|
||||
# ldap_proxy_tls_cert_path and ldap_proxy_tls_cert_path.
|
||||
|
@ -25,5 +25,17 @@
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: __slapd_restart
|
||||
|
||||
- name: Open ports in iptables
|
||||
iptables_raw:
|
||||
name: "{{ item.name }}"
|
||||
rules: "{{ item.rules }}"
|
||||
state: "{{ item.state }}"
|
||||
weight: "{{ item.weight|default(omit) }}"
|
||||
table: "{{ item.table|default(omit) }}"
|
||||
with_items: "{{ ldap_proxy_open_ports }}"
|
||||
loop_control:
|
||||
label: "{{item.name}}"
|
||||
when: ldap_proxy_iptables_enabled
|
||||
become: True
|
||||
become_user: root
|
||||
|
Loading…
Reference in New Issue
Block a user