ansible
/
xoxys.unifi
1
0
Fork 0
Code Issues Pull Requests Releases Activity

add default iptables rules

This commit is contained in:
Robert Kaussow 2018-07-11 22:37:44 +02:00
parent 4867bf1957
commit 1892ef6800
2 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
defaults/main.yml
View File

@ -14,3 +14,14 @@ unifi_lvm_enabled: False
# unifi_lvm_fstype: xfs
unifi_base_dir: /opt/unifi
unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"
unifi_open_ports:
- { flag: "allow_unifi_web", proto: "tcp", port: "8443" }
- { flag: "allow_unifi", proto: "tcp", port: "8080" }
# - { flag: "allow_unifi", proto: "tcp", port: "8880" }
# - { flag: "allow_unifi", proto: "tcp", port: "8843" }
- { flag: "allow_unifi_speedtest", proto: "tcp", port: "6789" }
- { flag: "allow_unifi", proto: "tcp", port: "8843" }
- { flag: "allow_unifi_stun", proto: "udp", port: "3478" }
- { flag: "allow_unifi_discover", proto: "udp", port: "10001" }

7
tasks/install.yml
View File

@ -43,6 +43,13 @@
become_user: "{{ unifi_user }}"
- block:
- name: Open ports in iptables
iptables_raw:
name: "{{ item.flag }}"
state: present
rules: "-A INPUT -m state --state NEW -p {{ item.proto }} --dport {{ item.port }} -j ACCEPT"
with_items: {{ unifi_open_ports }}
- name: Create systemd unit files
template:
src: "etc/systemd/system/unifi.service.j2"