From 6eb912c4d1476d69f13a5d6ff127a7c9dacc02fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Tue, 3 Sep 2024 16:44:47 +0200
Subject: [PATCH] fix: set default policy in the last step instead of an
 earlier step to avoid getting locked out

---
 tasks/configure_iptables.yml | 48 ++++++++++++++++++------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/tasks/configure_iptables.yml b/tasks/configure_iptables.yml
index 9fc07be..f50b1d6 100644
--- a/tasks/configure_iptables.yml
+++ b/tasks/configure_iptables.yml
@@ -69,30 +69,6 @@
 #   notify:
 #     - save iptables rules
 
-# Set default policy for INPUT chain
-- name: iptables-Policy für INPUT-Chain setzen
-  ansible.builtin.iptables:
-    chain: "INPUT"
-    ip_version: "{{ item }}"
-    policy: "DROP"
-  loop:
-    - "ipv4"
-    - "ipv6"
-  notify:
-    - save iptables rules
-
-## Set default policy for OUTPUT chain
-# - name: iptables-Policy für OUTPUT-Chain setzen
-#   ansible.builtin.iptables:
-#     chain: "OUTPUT"
-#     ip_version: "{{ item }}"
-#     policy: "DROP"
-#   loop:
-#     - "ipv4"
-#     - "ipv6"
-#   notify:
-#     - save iptables rules
-
 # Configure specific rules - Chain INPUT
 - name: iptables-Regeln (IPv4) setzen - Chain INPUT
   ansible.builtin.iptables:
@@ -190,3 +166,27 @@
     - chain: "FORWARD"
   notify:
     - save iptables rules
+
+# Set default policy for INPUT chain
+- name: iptables-Policy für INPUT-Chain setzen
+  ansible.builtin.iptables:
+    chain: "INPUT"
+    ip_version: "{{ item }}"
+    policy: "DROP"
+  loop:
+    - "ipv4"
+    - "ipv6"
+  notify:
+    - save iptables rules
+
+## Set default policy for OUTPUT chain
+# - name: iptables-Policy für OUTPUT-Chain setzen
+#   ansible.builtin.iptables:
+#     chain: "OUTPUT"
+#     ip_version: "{{ item }}"
+#     policy: "DROP"
+#   loop:
+#     - "ipv4"
+#     - "ipv6"
+#   notify:
+#     - save iptables rules
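Review bot: The moved task still carries only `# Set default policy for INPUT chain`, which does not record why it must be the last task, so a later edit could hoist it back up and reintroduce the lockout this commit fixes; suggest replacing that comment with `# Keep this as the last task: the ACCEPT rules above must be in place before the chain default becomes DROP, otherwise the run cuts off its own management connection.` directly above `- name: iptables-Policy für INPUT-Chain setzen`. The DROP policy is looped over both `"ipv4"` and `"ipv6"`, but the only rule task visible in this diff is labelled IPv4 (`iptables-Regeln (IPv4) setzen - Chain INPUT`); if no corresponding IPv6 ACCEPT rule for the management connection exists in the tasks outside this hunk, the same lockout could still occur on a host reached over IPv6, so that is worth confirming. The commented-out OUTPUT-chain block is moved along unchanged; a one-line comment stating why it stays disabled would be clearer than a bare commented block.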
-- 
GitLab