remove iptables integration

2019-10-28 20:12:54 +01:00 · 2019-10-28 20:12:54 +01:00 · baad567860
parent b1e1477c82
commit baad567860
2 changed files with 6 additions and 49 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -9,36 +9,6 @@ unifi_user: ubnt
 unifi_base_dir: /opt/unifi
 unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"

-unifi_iptables_enabled: False
-unifi_open_ports:
-  - name: allow_unifi_web
-    rules: |
-      -A INPUT -m state --state NEW -p tcp --dport 8443 -j ACCEPT
-    state: present
-  - name: allow_unifi_comm
-    rules: |
-      -A INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
-      -A OUTPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
-    state: present
-  - name: allow_unifi_stun
-    rules: |
-      -A INPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
-      -A OUTPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
-    state: present
-  - name: allow_unifi_discover
-    rules: |
-      -A INPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
-      -A OUTPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
-    state: present
-  - name: allow_unifi_sped
-    rules: |
-      -A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT
-    state: present
-  - name: allow_unifi_adopt
-    rules: |
-      -A OUTPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
-    state: present
-
 unifi_tls_enabled: False
 unifi_tls_pkcs12_passphrase: temppass
 unifi_tls_certs_dir: "{{ unifi_base_dir }}/tls/certs"
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -77,24 +77,11 @@
  become: True
  become_user: "{{ unifi_user }}"

- block:
-    - name: Open ports in iptables
-      iptables_raw:
-        name: "{{ item.name }}"
-        rules: "{{ item.rules }}"
-        state: "{{ item.state }}"
-        weight: "{{ item.weight | default(omit) }}"
-        table: "{{ item.table | default(omit) }}"
-      loop: "{{ unifi_open_ports }}"
-      loop_control:
-        label: "{{ item.name }}"
-      when: unifi_iptables_enabled
-
-    - name: Create systemd unit files
-      template:
-        src: "etc/systemd/system/unifi.service.j2"
-        dest: "/etc/systemd/system/unifi.service"
-        mode: 0644
-      notify: __unifi_restart
+- name: Create systemd unit files
+  template:
+    src: "etc/systemd/system/unifi.service.j2"
+    dest: "/etc/systemd/system/unifi.service"
+    mode: 0644
+  notify: __unifi_restart
  become: True
  become_user: root