  • main.yml 2.07 KiB
    ---
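    # Debian family: persist the running iptables rule set with netfilter-persistent.
    # Written as flat handlers rather than a block, because newer ansible-core
    # releases refuse to load a block inside a handlers file. All three steps
    # subscribe to the "save iptables rules" topic and run in the order listed.
    - name: Ordner für iptables-Config erstellen
      # Creates the directory that holds the saved iptables configuration.
      ansible.builtin.file:
        path: "/etc/iptables"
        state: directory
        owner: "root"
        group: "root"
        # Quoted so the mode is always handled as an octal string and never
        # depends on how the YAML loader types a bare 0755.
        mode: "0755"
      when: ansible_os_family == "Debian"
      listen: "save iptables rules"

    - name: install netfilter-persistent to be able to save iptables rules
      # NOTE(review): netfilter-persistent only drives plugins; confirm that the
      # iptables plugin package is installed elsewhere in the role, otherwise
      # the save below may succeed without writing any rules.
      ansible.builtin.apt:
        name: netfilter-persistent
        state: present
      when: ansible_os_family == "Debian"
      listen: "save iptables rules"

    - name: save iptables rules
      ansible.builtin.command: 'netfilter-persistent save'
      # Always reported as unchanged, so the save never shows up as a change.
      changed_when: false
      when: ansible_os_family == "Debian"
      listen: "save iptables rules"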
    
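    # RedHat family: persist the running iptables rule set to
    # /etc/sysconfig/iptables. Written as flat handlers rather than a block,
    # because newer ansible-core releases refuse to load a block inside a
    # handlers file. Both steps subscribe to the "save iptables rules" topic
    # and run in the order listed.
    - name: make sure iptables config file exists
      # Creates the file with root-only permissions before anything is written,
      # so the saved rule set is never world-readable.
      ansible.builtin.file:
        path: "/etc/sysconfig/iptables"
        state: touch
        owner: "root"
        group: "root"
        # Quoted so the mode is always handled as an octal string.
        mode: "0600"
      when: ansible_os_family == "RedHat"
      listen: "save iptables rules"

    - name: save rules
      # iptables-save only prints the rule set to stdout, and the command module
      # performs no redirection, so a bare call persisted nothing. The shell
      # module is used here solely for the redirect into the config file.
      # NOTE(review): only the IPv4 rule set is saved; confirm that IPv6 rules
      # are out of scope for this role.
      ansible.builtin.shell:
        cmd: /usr/sbin/iptables-save > /etc/sysconfig/iptables        # noqa 303
      changed_when: false
      when: ansible_os_family == "RedHat"
      listen: "save iptables rules"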
    
    # Reloads kernel parameters after a sysctl configuration change.
    # `sysctl -p` without a file argument reads /etc/sysctl.conf only; drop-in
    # files under /etc/sysctl.d are not re-applied by this handler.
    # NOTE(review): confirm the hardening values are written to sysctl.conf.
    - name: activate kernel parameter changes
      changed_when: false
      ansible.builtin.command:
        cmd: sysctl -p
    
    # Restarts fail2ban so that changed jail or filter settings take effect.
    - name: restart fail2ban.service
      ansible.builtin.service:
        state: restarted
        name: fail2ban
    
    # Restarts the SSH daemon to apply a changed sshd configuration.
    # NOTE(review): a restart with a broken sshd_config can cut off remote
    # access; confirm the notifying task validates the file before deploying it.
    - name: restart sshd
      ansible.builtin.service:
        state: restarted
        name: sshd
    
    # Debian-family variant of the auditd restart. It shares its name and listen
    # topic with the RedHat variant, so it is reached through the topic; the
    # `when` guard decides which of the two actually runs on a host.
    - name: restart auditd.service
      listen: restart auditd.service
      when: ansible_os_family == "Debian"
      ansible.builtin.service:
        state: restarted
        name: auditd
    
    # RedHat-family variant of the auditd restart, selected by the `when` guard.
    # `use: service` forces the legacy service command instead of the
    # auto-detected service manager.
    # NOTE(review): presumably needed because the auditd unit on these systems
    # refuses a manual stop through systemctl; confirm.
    - name: restart auditd.service
      listen: restart auditd.service
      when: ansible_os_family == "RedHat"
      ansible.builtin.service:
        use: service
        state: restarted
        name: auditd
    
    - name: restart clamav-daemon service
      ansible.builtin.service:
        name: "clamav-daemon"