fix iptables

This commit is contained in:
Robert Kaussow 2018-07-12 00:31:16 +02:00
parent fed261fde9
commit 7846b263a7
2 changed files with 30 additions and 29 deletions


@ -18,12 +18,16 @@ unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"
unifi_iptables_enabled: True unifi_iptables_enabled: True
unifi_open_ports: unifi_open_ports:
- { flag: "allow_unifi_web", direction: "input", proto: "tcp", port: "8443" } # unifi webinterface
- { flag: "allow_unifi_comm", direction: "input", proto: "tcp", port: "8080" } - "-A INPUT -m state --state NEW -p 8443 --dport tcp -j ACCEPT"
- { flag: "allow_unifi_comm", direction: "output", proto: "tcp", port: "8080" } # unifi client server communication
- { flag: "allow_unifi_speedtest", direction: "output", proto: "tcp", port: "6789" } - "-A INPUT -m state --state NEW -p 8080 --dport tcp -j ACCEPT"
- { flag: "allow_unifi_stun", direction: "input", proto: "udp", port: "3478" } - "-A OUTPUT -m state --state NEW -p 8080 --dport tcp -j ACCEPT"
- { flag: "allow_unifi_stun", direction: "output", proto: "udp", port: "3478" } # unifi speedtest
- { flag: "allow_unifi_discover", direction: "input", proto: "udp", port: "10001" } - "-A OUTPUT -m state --state NEW -p 6789 --dport tcp -j ACCEPT"
- { flag: "allow_unifi_discover", direction: "output", proto: "udp", port: "10001" } # unifi stun
- { flag: "allow_ssh", direction: "output", proto: "tcp", port: "22" } - "-A INPUT -m state --state NEW -p 3478 --dport udp -j ACCEPT"
- "-A OUTPUT -m state --state NEW -p 3478 --dport udp -j ACCEPT"
# ap discovery
- "-A INPUT -m state --state NEW -p 10001 --dport udp -j ACCEPT"
- "-A OUTPUT -m state --state NEW -p 10001 --dport udp -j ACCEPT"
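Review bot: Every new rule string in `unifi_open_ports` has the `-p` and `--dport` arguments swapped — `-p 8443 --dport tcp` passes the port number as the protocol and the protocol name as the port, so iptables will reject the rule instead of opening 8443/tcp. The same inversion is on all eight new lines (the 8443, 8080 in/out, 6789, 3478 in/out and 10001 in/out entries); each should read like `- "-A INPUT -m state --state NEW -p tcp --dport 8443 -j ACCEPT"`. Since these strings are now passed through to iptables verbatim rather than templated from `proto`/`port` fields, a short comment above the list such as `# raw iptables rule fragments; keep the form "-p <proto> --dport <port>"` would help the next editor avoid the same slip.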


@ -33,22 +33,22 @@
become_user: "{{ unifi_user }}" become_user: "{{ unifi_user }}"
when: unifi_current_version is version_compare(unifi_version, ">") or unifi_current_version is version_compare('0.0.0', "=") when: unifi_current_version is version_compare(unifi_version, ">") or unifi_current_version is version_compare('0.0.0', "=")
# - block: - block:
# - name: Remove data folder from new version - name: Remove data folder from new version
# file: file:
# path: "{{ unifi_base_dir }}/{{ unifi_current_version }}//UniFi/data" path: "{{ unifi_base_dir }}/{{ unifi_current_version }}//UniFi/data"
# state: absent state: absent
#
# - name: Copy data folder from previews version - name: Copy data folder from previews version
# copy: synchronize:
# src: "{{ unifi_base_dir }}/{{ unifi_version }}//UniFi/data" src: "{{ unifi_base_dir }}/{{ unifi_version }}//UniFi/data"
# dest: "{{ unifi_base_dir }}/{{ unifi_current_version }}//UniFi/data" dest: "{{ unifi_base_dir }}/{{ unifi_current_version }}//UniFi/data"
# remote_src: True delegate_to: "{{ inventory_hostname }}"
# become: True become: True
# become_user: "{{ unifi_user }}" become_user: "{{ unifi_user }}"
# when: when:
# - unifi_current_version is version_compare(unifi_version, ">") - unifi_current_version is version_compare(unifi_version, ">")
# - unifi_restore_after_upgrade - unifi_restore_after_upgrade
- name: Create symlink for latest version - name: Create symlink for latest version
file: file:
@ -64,10 +64,7 @@
iptables_raw: iptables_raw:
name: "{{ item.flag }}" name: "{{ item.flag }}"
state: present state: present
rules: "-A {{ item.direction | upper }} -m state --state NEW -p {{ item.proto | lower }} --dport {{ item.port }} -j ACCEPT" rules:"{{ unifi_open_ports }}"
with_items: "{{ unifi_open_ports }}"
loop_control:
label: "{{ item.flag }}"
when: unifi_iptables_enabled when: unifi_iptables_enabled
- name: Create systemd unit files - name: Create systemd unit files
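Review bot: In the iptables hunk the new line `rules:"{{ unifi_open_ports }}"` has no space after the colon, so YAML does not read it as a key/value pair and the task file will most likely fail to parse; it needs to be `rules: "{{ unifi_open_ports }}"`. The surrounding `name: "{{ item.flag }}"` is kept as context while `with_items` and `loop_control` are removed, so `item` is now undefined when the task runs — it should become a fixed name (a constructed example: `name: unifi_open_ports`). The old side passed `rules` as a single string per iteration, whereas the new value is a list; if `iptables_raw` expects one string, the list should be joined, e.g. `rules: "{{ unifi_open_ports | join('\n') }}"` — confirm against the module's documentation. The task's `- name:` header sits above the hunk, outside SOURCE.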