add generic iptables task

Robert Kaussow 2019-07-19 20:56:09 +02:00
parent fc57cb72bd
commit 93f7018f5c
2 changed files with 12 additions and 6 deletions


@ -43,9 +43,12 @@ nginx_gzip_types:
- application/xml - application/xml
nginx_iptables_enabled: False nginx_iptables_enabled: False
nginx_open_ports: nginx_iptables_rules_default:
- 80 - name: allow_nginx_ports
- 443 rules: |
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
state: present
nginx_iptables_rules_extra: []
nginx_tls_enabled: False nginx_tls_enabled: False
nginx_tls_versions: nginx_tls_versions:
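Review bot: The new `nginx_iptables_rules_default` hard-codes `--dports 80,443` while `nginx_open_ports` is removed with no compatibility path. As far as this section shows, an inventory that previously narrowed the list (for example to 443 only) is now ignored and both ports are accepted after the upgrade. Either keep `nginx_open_ports` and template it into the default rule's `--dports` list, or call out the rename in the README/changelog so operators re-check their firewall overrides. A comment above the default would also help, e.g. `# Override this list to change the opened ports; nginx_open_ports is no longer used by the iptables task.`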


@ -78,9 +78,12 @@
- name: Open ports in iptables - name: Open ports in iptables
iptables_raw: iptables_raw:
name: allow_nginx_ports name: "{{ item.name }}"
state: present rules: "{{ item.rules }}"
rules: '-A INPUT -p tcp -m multiport --dports {{ nginx_open_ports | join(",") }} -j ACCEPT' state: "{{ item.state }}"
weight: "{{ item.weight | default(omit) }}"
table: "{{ item.table | default(omit) }}"
loop: "{{ nginx_iptables_rules_default + nginx_iptables_rules_extra }}"
when: nginx_iptables_enabled | bool when: nginx_iptables_enabled | bool
- name: Set selinux booleans - name: Set selinux booleans
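Review bot: `state: "{{ item.state }}"` has no fallback, unlike `weight` and `table` on the lines below it, so an entry in `nginx_iptables_rules_extra` that omits `state` fails the task on an undefined attribute. `state: "{{ item.state | default('present') }}"` would keep the previously hard-coded behaviour for such entries. Since `rules` is now passed verbatim from variables, document next to `nginx_iptables_rules_extra` that each entry needs `name` and `rules`. The same comment should say that deleting an entry from the list presumably leaves the rule installed until it is listed once with `state: absent`. Adding `loop_control:` with `label: "{{ item.name }}"` would keep the full rule text out of the per-item output.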