
add generic iptables task

master
Robert Kaussow 4 months ago
parent
commit
93f7018f5c
2 changed files with 12 additions and 6 deletions
  1. +6
    -3
      defaults/main.yml
  2. +6
    -3
      tasks/install.yml

+ 6
- 3
defaults/main.yml

@@ -43,9 +43,12 @@ nginx_gzip_types:
- application/xml

nginx_iptables_enabled: False
nginx_open_ports:
- 80
- 443
nginx_iptables_rules_default:
- name: allow_nginx_ports
rules: |
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
state: present
nginx_iptables_rules_extra: []

nginx_tls_enabled: False
nginx_tls_versions:
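Review bot: The `rules:` line of `nginx_iptables_rules_default` hard-codes `--dports 80,443`, and `nginx_open_ports` is dropped with no fallback, so an inventory that still sets `nginx_open_ports` is silently ignored. A host that had narrowed the list to 443 only would presumably get port 80 accepted again on the next run, and a host that had added a custom port would lose it. Consider keeping `nginx_open_ports` in the defaults and building the rule from it, `-A INPUT -p tcp -m multiport --dports {{ nginx_open_ports | join(",") }} -j ACCEPT`, or failing early when the old variable is still defined. A comment above `nginx_iptables_rules_extra` listing the keys each item takes (`name`, `rules`, `state`, optional `weight` and `table`) would also help, since the task in tasks/install.yml reads them.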

+ 6
- 3
tasks/install.yml

@@ -78,9 +78,12 @@

- name: Open ports in iptables
iptables_raw:
name: allow_nginx_ports
state: present
rules: '-A INPUT -p tcp -m multiport --dports {{ nginx_open_ports | join(",") }} -j ACCEPT'
name: "{{ item.name }}"
rules: "{{ item.rules }}"
state: "{{ item.state }}"
weight: "{{ item.weight | default(omit) }}"
table: "{{ item.table | default(omit) }}"
loop: "{{ nginx_iptables_rules_default + nginx_iptables_rules_extra }}"
when: nginx_iptables_enabled | bool

- name: Set selinux booleans
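Review bot: `state: "{{ item.state }}"` has no default, unlike `weight` and `table` on the following lines, so any entry in `nginx_iptables_rules_extra` that omits `state` fails the task with an undefined-variable error. `state: "{{ item.state | default('present') }}"` would match the module's default of `present`. The default and extra lists are concatenated and each rule is addressed by `name`, so an extra entry named `allow_nginx_ports` would presumably replace the default rule; a comment on the task saying whether that override is intended would help. The task name `Open ports in iptables` also no longer describes a loop over arbitrary rules.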
