From 0f9684ecee0bdabf24d2dcff8fd2cc36b7f67eb6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <Joerg.Sachse@slub-dresden.de>
Date: Mon, 21 Feb 2022 10:26:45 +0100
Subject: [PATCH] fix: add handler to save changed iptables filter rules

---
 handlers/main.yml                     | 20 ++++++++++++++++++++
 tasks/configure_iptables_external.yml |  1 +
 2 files changed, 21 insertions(+)

diff --git a/handlers/main.yml b/handlers/main.yml
index 96b818b..26f5fa9 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -3,3 +3,23 @@
   systemd:
     name: "postgresql"
     state: restarted
+
+- name: save iptables rules (Debian)
+  block:
+    - name: Ordner für iptables-Config erstellen
+      file:
+        path: "/etc/iptables"
+        state: directory
+        owner: "root"
+        group: "root"
+        mode: 0755
+      listen: "save iptables rules"
+    - name: install netfilter-persistent to be able to save iptables rules
+      apt:
+        name: netfilter-persistent
+        state: present
+      listen: "save iptables rules"
+    - name: save iptables rules
+      command: 'netfilter-persistent save'
+      listen: "save iptables rules"
+  when: ansible_os_family == "Debian"
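Review bot: The `apt` handler installs only `netfilter-persistent`, which on Debian is the plugin framework; the plugins that write the rules under `/etc/iptables` ship in `iptables-persistent`. Unless that package is installed elsewhere in the role, `netfilter-persistent save` can return success without saving anything, and the filter rules in front of PostgreSQL are gone after a reboot. Consider `name: iptables-persistent` (it should pull in `netfilter-persistent` as a dependency) or listing both packages. Separately, newer ansible-core releases reject a `block:` used as a handler as far as I know, so it is safer to drop the block and put `when: ansible_os_family == "Debian"` on each of the three handlers. Quoting the mode as `mode: "0755"` also avoids relying on the parser's octal handling.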
diff --git a/tasks/configure_iptables_external.yml b/tasks/configure_iptables_external.yml
index e18f847..f0326fa 100644
--- a/tasks/configure_iptables_external.yml
+++ b/tasks/configure_iptables_external.yml
@@ -9,3 +9,4 @@
     protocol: "{{ item.protocol | default('tcp') }}"
     source: "{{ item.source }}"
   loop: "{{ vault_iptables_external }}"
+  notify: save iptables rules (Debian)
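Review bot: The `notify` value `save iptables rules (Debian)` is the name of the block in handlers/main.yml, whereas the three handlers inside that block listen on the topic `save iptables rules`. If Ansible does not resolve a block name as a handler, this notification either fails with a handler-not-found error or never triggers the save, so changed rules are not persisted. Using the declared topic, `notify: "save iptables rules"`, matches what the handlers subscribe to. The task this line is attached to starts outside the hunk.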
-- 
GitLab