configure-iptables.yml

---
- name: iptables-Regeln setzen (HTTP)
  iptables:
    action: append
    chain: INPUT
    comment: "{{ item.comment }}"
    destination: "{{ item.dest | default(omit) }}"
    destination_port: "{{ item.dest_port | default(3128) }}"
    jump: ACCEPT
    # limit: 100/s
    # limit_burst: 1000/s
    protocol: tcp
    # rule_num: 1
    source: "{{ item.src | default(omit) }}"
    source_port: "{{ item.src_port | default(omit) }}"
    state: "{{ item.state | default('present') }}"
    table: filter
  loop: "{{ vault_iptables|flatten(levels=1) }}"
  notify:
    - save iptables rules

- name: iptables-Regeln setzen (HTTPS)
  iptables:
    action: append
    chain: INPUT
    comment: "{{ item.comment }}"
    destination: "{{ item.dest | default(omit) }}"
    destination_port: "{{ item.dest_port | default(3129) }}"
    jump: ACCEPT
    # limit: 100/s
    # limit_burst: 1000/s
    protocol: tcp
    # rule_num: 1
    source: "{{ item.src | default(omit) }}"
    source_port: "{{ item.src_port | default(omit) }}"
    state: "{{ item.state | default('present') }}"
    table: filter
  loop: "{{ vault_iptables|flatten(levels=1) }}"
  notify:
    - save iptables rules