ansible/xoxys.unifi
1
0
Fork 0
Code Issues Pull Requests Releases Activity

another iptables fix

Browse Source
This commit is contained in:
Robert Kaussow 2018-07-12 00:48:14 +02:00
parent fe28ebdbf3
commit 316b3f2d39
2 changed files with 31 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
defaults/main.yml
View File

@ -18,16 +18,26 @@ unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"
unifi_iptables_enabled: True unifi_iptables_enabled: True
unifi_open_ports: unifi_open_ports:
# unifi webinterface - name: allow_unifi_web
- "-A INPUT -m state --state NEW -p 8443 --dport tcp -j ACCEPT" rules: |
# unifi client server communication -A INPUT -m state --state NEW -p tcp --dport 8443 -j ACCEPT
- "-A INPUT -m state --state NEW -p 8080 --dport tcp -j ACCEPT" state: present
- "-A OUTPUT -m state --state NEW -p 8080 --dport tcp -j ACCEPT" - name: allow_unifi_comm
# unifi speedtest rules: |
- "-A OUTPUT -m state --state NEW -p 6789 --dport tcp -j ACCEPT" -A INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
# unifi stun -A OUTPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
- "-A INPUT -m state --state NEW -p 3478 --dport udp -j ACCEPT" state: present
- "-A OUTPUT -m state --state NEW -p 3478 --dport udp -j ACCEPT" - name: allow_unifi_stun
# ap discovery rules: |
- "-A INPUT -m state --state NEW -p 10001 --dport udp -j ACCEPT" -A INPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
- "-A OUTPUT -m state --state NEW -p 10001 --dport udp -j ACCEPT" -A OUTPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
state: present
- name: allow_unifi_discover
rules: |
-A INPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
-A OUTPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
state: present
- name: allow_unifi_sped
rules: |
-A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT
state: present

11
tasks/install.yml
View File

@ -62,9 +62,14 @@
- block: - block:
- name: Open ports in iptables - name: Open ports in iptables
iptables_raw: iptables_raw:
name: "allow_unifi" name: "{{ item.name }}"
state: present rules: "{{ item.rules }}"
rules: "{{ unifi_open_ports }}" state: "{{ item.state }}"
weight: "{{ item.weight|default(omit) }}"
table: "{{ item.table|default(omit) }}"
with_items: "{{ unifi_open_ports }}"
loop_control:
label: "{{item.name}}"
when: unifi_iptables_enabled when: unifi_iptables_enabled
- name: Create systemd unit files - name: Create systemd unit files