---
# - name: clean IPtables rules (1)
# iptables:
# chain: "INPUT"
# ip_version: "{{ item }}"
# policy: "ACCEPT"
# loop:
# - "ipv4"
# - "ipv6"
# notify:
# - save iptables rules
# tags: [molecule-notest]
#
# - name: clean IPtables rules (2)
# iptables:
# chain: "INPUT"
# flush: "true"
# notify:
# - save iptables rules
# tags: [molecule-notest]
# Configure specific rules - Chain INPUT
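# Insert the vault-defined rules into the IPv4 filter/INPUT chain.
# Each loop item is a mapping; keys read here: comment, dest, dest_port,
# icmp_type, jump, limit, limit_burst, proto (default tcp), src, src_port,
# state. Any key that is absent is omitted from the iptables call.
# NOTE: only ipv4 is handled -- ip6tables is not touched by this task.
# NOTE: the chain policy is not set by this file (the policy task above is
# commented out), so the host keeps whatever INPUT policy it already has;
# the ACCEPT rules inserted here only matter if that policy is restrictive.
- name: iptables-Regeln (IPv4) setzen - Chain INPUT
  iptables:
    # 'insert' without rule_num prepends each rule (-I INPUT), so the
    # items end up at the top of the chain in reverse loop order.
    action: "insert"
    chain: "INPUT"
    comment: "{{ item.comment | default(omit) }}"
    destination: "{{ item.dest | default(omit) }}"
    destination_port: "{{ item.dest_port | default(omit) }}"
    icmp_type: "{{ item.icmp_type | default(omit) }}"
    ip_version: "ipv4"
    # Target is ACCEPT unless the item overrides it (e.g. DROP / REJECT).
    jump: "{{ item.jump | default('ACCEPT') }}"
    limit: "{{ item.limit | default(omit) }}"
    # Fix: this was fed item.limit (a rate such as "5/min"); --limit-burst
    # takes its own integer, so it must come from item.limit_burst.
    limit_burst: "{{ item.limit_burst | default(omit) }}"
    protocol: "{{ item.proto | default('tcp') }}"
    source: "{{ item.src | default(omit) }}"
    source_port: "{{ item.src_port | default(omit) }}"
    # NOTE(review): the module's 'state' is rule presence (present/absent),
    # not a conntrack state -- confirm the vault items use it that way.
    # Defaults to present so an item without 'state' no longer fails.
    state: "{{ item.state | default('present') }}"
    table: "filter"
  loop: "{{ vault_iptables_input_general | flatten(levels=1) }}"
  notify:
    - save iptables rules
  tags: [molecule-notest]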
# http://shouldiblockicmp.com
# TODO: create the OUTPUT chain rules (see the commented-out task below) and make sure none are left out; until then this file applies no egress rules at all and the OUTPUT chain keeps whatever the host already has.
## Configure specific rules - Chain OUTPUT
# - name: iptables-Regeln (IPv4) setzen - Chain OUTPUT
# iptables:
# action: "insert"
# chain: OUTPUT
# comment: "{{ item.comment | default(omit) }}"
# destination: "{{ item.dest | default(omit) }}"
# destination_port: "{{ item.dest_port | default(omit) }}"
# icmp_type: "{{ item.icmp_type | default(omit) }}"
# ip_version: ipv4
# jump: ACCEPT
# limit: "{{ item.limit | default(omit) }}"
# limit_burst: "{{ item.limit_burst | default(omit) }}"
# protocol: "{{ item.proto | default('tcp') }}"
## rule_num: 1
# source: "{{ item.src | default(omit) }}"
# source_port: "{{ item.src_port | default(omit) }}"
# state: "{{ item.state }}"
# table: filter
# loop: "{{ vault_iptables_output|flatten(levels=1) }}"
# notify:
# - save iptables rules