fix: set default policy in the last step instead of an earlier step to avoid getting locked out

6eb912c4 · Jörg Sachse · 12c80f67 · 6eb912c4
Commit 6eb912c4 authored 8 months ago by Jörg Sachse
--- a/tasks/configure_iptables.yml
+++ b/tasks/configure_iptables.yml
@@ -69,30 +69,6 @@
 #   notify:
 #     - save iptables rules

-# Set default policy for INPUT chain
- name: iptables-Policy für INPUT-Chain setzen
-  ansible.builtin.iptables:
-    chain: "INPUT"
-    ip_version: "{{ item }}"
-    policy: "DROP"
-  loop:
-    - "ipv4"
-    - "ipv6"
-  notify:
-    - save iptables rules
-
-## Set default policy for OUTPUT chain
-# - name: iptables-Policy für OUTPUT-Chain setzen
-#   ansible.builtin.iptables:
-#     chain: "OUTPUT"
-#     ip_version: "{{ item }}"
-#     policy: "DROP"
-#   loop:
-#     - "ipv4"
-#     - "ipv6"
-#   notify:
-#     - save iptables rules
-
 # Configure specific rules - Chain INPUT
 - name: iptables-Regeln (IPv4) setzen - Chain INPUT
  ansible.builtin.iptables:
@@ -190,3 +166,27 @@
    - chain: "FORWARD"
  notify:
    - save iptables rules
+
+# Set default policy for INPUT chain
+- name: iptables-Policy für INPUT-Chain setzen
+  ansible.builtin.iptables:
+    chain: "INPUT"
+    ip_version: "{{ item }}"
+    policy: "DROP"
+  loop:
+    - "ipv4"
+    - "ipv6"
+  notify:
+    - save iptables rules
+
+## Set default policy for OUTPUT chain
+# - name: iptables-Policy für OUTPUT-Chain setzen
+#   ansible.builtin.iptables:
+#     chain: "OUTPUT"
+#     ip_version: "{{ item }}"
+#     policy: "DROP"
+#   loop:
+#     - "ipv4"
+#     - "ipv6"
+#   notify:
+#     - save iptables rules