add iptables task

This commit is contained in:
Robert Kaussow 2018-12-01 02:03:29 +01:00
parent d00768f623
commit c292a7ffe8
2 changed files with 23 additions and 0 deletions

View File

@ -3,6 +3,17 @@ ldap_proxy_urls:
- "ldapi:/// ldap:///"
ldap_proxy_options: []
ldap_proxy_iptables_enabled: False
ldap_proxy_open_ports:
- name: allow_ldap_out
rules: |
-A OUTPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT
state: present
- name: allow_ldap_in
rules: |
-A INPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT
state: present
# You can deploy your certificates from a file or from content.
# If you enable ldap_proxy_tls_source_use_content you have to put the content of your cert files into
# ldap_proxy_tls_cert_path and ldap_proxy_tls_cert_path.

View File

@ -25,5 +25,17 @@
group: root
mode: 0644
notify: __slapd_restart
- name: Open ports in iptables
iptables_raw:
name: "{{ item.name }}"
rules: "{{ item.rules }}"
state: "{{ item.state }}"
weight: "{{ item.weight|default(omit) }}"
table: "{{ item.table|default(omit) }}"
with_items: "{{ ldap_proxy_open_ports }}"
loop_control:
label: "{{item.name}}"
when: ldap_proxy_iptables_enabled
become: True
become_user: root