From 4d02357c78b4f674e2589457578a7d2241143ca0 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sat, 15 Jul 2017 17:39:52 +0200
Subject: [PATCH] add iptables rule
---
 defaults/main.yml | 4 ++++
 tasks/config.yml | 7 +++++++
 2 files changed, 11 insertions(+)
 create mode 100644 defaults/main.yml
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..4ed2368
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+nginx_open_ports:
+ - 80
+ - 443
diff --git a/tasks/config.yml b/tasks/config.yml
index 5a3b5df..804808b 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -35,3 +35,10 @@
 - header.conf
 notify:
 - nginx_restart
+
+- name: Open ports in iptables
+ iptables_raw:
+ name: allow_nginx_ports
+ state: present
+ rules: '-A INPUT -p tcp -m multiport --dports {{ nginx_open_ports|join(",") }} -j ACCEPT'
+ tags: iptables
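Review bot: `nginx_open_ports` in defaults/main.yml has no comment saying what it controls, and the effect is not obvious from the name: every entry becomes a TCP port accepted from any source address by the `Open ports in iptables` task in tasks/config.yml. A comment above the key such as `# TCP ports accepted on INPUT from any source; override per host to narrow exposure` would make that visible to whoever overrides the default.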
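Review bot: The `rules:` line of the new task in tasks/config.yml interpolates `nginx_open_ports` into the iptables rule text with no check on its contents. An empty list renders `--dports  -j ACCEPT`, which iptables would be expected to reject, and an entry that is not a plain port number ends up as extra rule arguments. Adding `when: nginx_open_ports | length > 0` to the task, and asserting beforehand that each entry is an integer between 1 and 65535, would cover both cases. The rule also has no source match, so it accepts from any address, and assuming iptables_raw defaults to IPv4 the ports stay closed over IPv6 unless a second task with `ipversion: '6'` is added.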