Commit 6eb912c4 authored by Jörg Sachse's avatar Jörg Sachse

fix: set default policy in the last step instead of an earlier step to avoid getting locked out

parent 12c80f67
...@@ -69,30 +69,6 @@ ...@@ -69,30 +69,6 @@
# notify: # notify:
# - save iptables rules # - save iptables rules
# Set default policy for INPUT chain
- name: iptables-Policy für INPUT-Chain setzen
ansible.builtin.iptables:
chain: "INPUT"
ip_version: "{{ item }}"
policy: "DROP"
loop:
- "ipv4"
- "ipv6"
notify:
- save iptables rules
## Set default policy for OUTPUT chain
# - name: iptables-Policy für OUTPUT-Chain setzen
# ansible.builtin.iptables:
# chain: "OUTPUT"
# ip_version: "{{ item }}"
# policy: "DROP"
# loop:
# - "ipv4"
# - "ipv6"
# notify:
# - save iptables rules
# Configure specific rules - Chain INPUT # Configure specific rules - Chain INPUT
- name: iptables-Regeln (IPv4) setzen - Chain INPUT - name: iptables-Regeln (IPv4) setzen - Chain INPUT
ansible.builtin.iptables: ansible.builtin.iptables:
...@@ -190,3 +166,27 @@ ...@@ -190,3 +166,27 @@
- chain: "FORWARD" - chain: "FORWARD"
notify: notify:
- save iptables rules - save iptables rules
# Set default policy for INPUT chain
- name: iptables-Policy für INPUT-Chain setzen
ansible.builtin.iptables:
chain: "INPUT"
ip_version: "{{ item }}"
policy: "DROP"
loop:
- "ipv4"
- "ipv6"
notify:
- save iptables rules
## Set default policy for OUTPUT chain
# - name: iptables-Policy für OUTPUT-Chain setzen
# ansible.builtin.iptables:
# chain: "OUTPUT"
# ip_version: "{{ item }}"
# policy: "DROP"
# loop:
# - "ipv4"
# - "ipv6"
# notify:
# - save iptables rules
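Review bot: The relocated INPUT policy task at the end of the file still carries only the comment `# Set default policy for INPUT chain`, so nothing tells a later maintainer that its position is now load-bearing. I would extend it to something like `# Must stay the last task in this file: the allow rules above (incl. management access) have to be in place before INPUT defaults to DROP`. The new ordering also means that on a host's first run, a failure in any earlier rule task ends the play before the policy is applied, leaving INPUT at its previous policy (presumably ACCEPT); failing open avoids the lockout but should be stated in the comment or the role's README. The visible hunks show rules for the FORWARD chain but no policy task for it, so if none is set elsewhere in the file that chain keeps its default policy.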