---
- name: save iptables rules (Debian)
  # Debian-family persistence chain. Each inner task listens to the topic
  # "save iptables rules", so one notify triggers the whole block.
  when: ansible_os_family == "Debian"
  block:
    # Create the directory netfilter-persistent writes its rule files into.
    - name: Ordner für iptables-Config erstellen
      listen: "save iptables rules"
      ansible.builtin.file:
        path: "/etc/iptables"
        state: directory
        owner: "root"
        group: "root"
        # NOTE(review): the "0o" prefix is non-standard for the file module;
        # the documented form is "0755" — confirm it parses on the target
        # Ansible version.
        mode: "0o755"

    # Both packages are needed: netfilter-persistent is the framework,
    # iptables-persistent supplies its iptables plugin.
    - name: install netfilter-persistent to be able to save iptables rules
      listen: "save iptables rules"
      ansible.builtin.apt:
        name:
          - iptables-persistent
          - netfilter-persistent
        state: present

    # Dump the live ruleset to /etc/iptables via the plugin; the save itself
    # is reported as unchanged.
    - name: save iptables rules
      listen: "save iptables rules"
      changed_when: false
      ansible.builtin.command: 'netfilter-persistent save'
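- name: save iptables rules (RedHat)
  # RedHat-family persistence chain, triggered via the topic
  # "save iptables rules": ensure the persistence file exists with
  # restrictive permissions, then write the live ruleset into it.
  when: ansible_os_family == "RedHat"
  block:
    - name: make sure iptables config file exists
      ansible.builtin.file:
        path: "/etc/sysconfig/iptables"
        # touch keeps ownership/mode enforced on every run; a handler run
        # therefore always reports this task as changed.
        state: touch
        owner: "root"
        group: "root"
        mode: "0o600"
      listen: "save iptables rules"

    - name: save rules
      # iptables-save only dumps the ruleset to stdout. Without the
      # redirection nothing was written to /etc/sysconfig/iptables, so the
      # rules were silently lost on reboot. The redirect requires a shell.
      # NOTE(review): the file is only restored at boot by the iptables
      # service (iptables-services package) — confirm the role installs and
      # enables it.
      ansible.builtin.shell: /usr/sbin/iptables-save > /etc/sysconfig/iptables  # noqa command-instead-of-module
      listen: "save iptables rules"
      changed_when: false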
# Re-read the sysctl configuration after hardening values were written.
# NOTE(review): `sysctl -p` without arguments reads only /etc/sysctl.conf;
# if the role drops files into /etc/sysctl.d, `sysctl --system` is needed
# for them to take effect before reboot — confirm.
- name: activate kernel parameter changes
  changed_when: false
  ansible.builtin.command:
    cmd: sysctl -p
# Restart fail2ban so edited jail/filter configuration is picked up.
- name: restart fail2ban.service
  ansible.builtin.service:
    state: restarted
    name: fail2ban
# Restart the SSH daemon after sshd_config changes.
# NOTE(review): the unit is addressed as "sshd"; on Debian the unit is
# "ssh" with an "sshd" alias — confirm the alias exists on all targets.
- name: restart sshd
  ansible.builtin.service:
    state: restarted
    name: sshd
# Debian-family auditd restart; selected by the OS-family condition. Both
# auditd handlers share the same name and listen topic so a single notify
# reaches whichever one applies.
- name: restart auditd.service
  listen: restart auditd.service
  when: ansible_os_family == "Debian"
  ansible.builtin.service:
    state: restarted
    name: auditd
# RedHat-family auditd restart. The legacy "service" backend is forced
# here; presumably because the systemd unit refuses a manual stop of auditd
# on RHEL-like systems — confirm on the target release.
- name: restart auditd.service
  listen: restart auditd.service
  when: ansible_os_family == "RedHat"
  ansible.builtin.service:
    use: "service"
    state: restarted
    name: auditd