---
# Pull in the per-OS variable file that supplies the package, service and
# path names used by every task below. Candidates are tried most-specific
# first (distribution + major version, then distribution, then OS family);
# with no `skip` option set, the task fails if none of them exists.
- name: gather OS specific variables
  ansible.builtin.include_vars: '{{ item }}'
  with_first_found:
    - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml'
    - '{{ ansible_distribution }}.yaml'
    - '{{ ansible_os_family }}.yaml'
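# Install the iptables userland. Package name and target state come from the
# OS-specific vars file loaded at the top of this task list. Module names use
# the fully qualified collection form, matching `ansible.builtin.include_vars`
# above.
- name: install iptables
  ansible.builtin.package:
    name: "{{ firewall_iptables_package_name }}"
    state: "{{ firewall_iptables_package_state }}"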
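# iptables-persistent: the package and its service. The rule-file tasks
# further down notify an `iptables-persistent` handler, so the service must be
# present and in the configured state before those handlers run.
- name: install iptables-persistent
  ansible.builtin.package:
    name: "{{ firewall_iptables_persistent_package_name }}"
    state: "{{ firewall_iptables_persistent_package_state }}"

- name: manage iptables-persistent service
  ansible.builtin.service:
    name: "{{ firewall_iptables_persistent_service_name }}"
    state: "{{ firewall_iptables_persistent_service_state }}"
    enabled: "{{ firewall_iptables_persistent_service_enabled }}"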
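# ipset is needed both by the 14-ipset plugin installed below and by the
# generated ipset definitions that the IPv4/IPv6 rule sets may reference.
- name: install ipset
  ansible.builtin.package:
    name: "{{ firewall_ipset_package_name }}"
    state: "{{ firewall_ipset_package_state }}"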
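# ulogd (userspace packet logging): package, rendered config, service.
# The file mode is quoted so YAML does not parse it as an octal/decimal
# integer (yamllint and ansible-lint both flag bare `0600`); the config stays
# root-only because it can name log targets and paths.
- name: install ulogd
  ansible.builtin.package:
    name: "{{ firewall_ulogd_package_name }}"
    state: "{{ firewall_ulogd_package_state }}"

- name: configure ulogd
  ansible.builtin.template:
    src: ulogd.conf.j2
    dest: "{{ firewall_ulogd_config_path }}"
    owner: root
    group: root
    mode: "0600"
  notify: restart ulogd

- name: manage ulogd service
  ansible.builtin.service:
    name: "{{ firewall_ulogd_service_name }}"
    state: "{{ firewall_ulogd_service_state }}"
    enabled: "{{ firewall_ulogd_service_enabled }}"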
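# Drop a `14-ipset` plugin into the iptables-persistent plugin directory so
# ipsets are handled alongside the rule files. It is installed executable
# (quoted "0755" — a bare 0755 is parsed as an integer by YAML) and owned by
# root only; no handler is notified because the plugin is picked up on the
# next iptables-persistent run.
- name: patch iptables-persistent service for ipset
  ansible.builtin.template:
    src: 14-ipset.j2
    dest: "{{ firewall_iptables_persistent_plugin_path }}/14-ipset"
    owner: root
    group: root
    mode: "0755"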
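# Copy the static clear.v4 / clear.v6 rule files. Ownership and mode are set
# explicitly to match the generated rule files below; without them the copy
# module falls back to the umask-derived default, which would leave these
# firewall files readable by every local user. The destination directory is
# hard-coded here while the other rule paths are variables — keep it in sync
# with `firewall_iptables_rules_v4` / `firewall_iptables_rules_v6`.
- name: configure iptables clear rules
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/iptables/{{ item }}"
    owner: root
    group: root
    mode: "0600"
  loop:
    - clear.v4
    - clear.v6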
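# Render the ipset definitions and hand them to the `reload ipset` and
# `iptables-persistent` handlers. Handlers run in the order they are defined
# in the role's handlers file, not in notify order, so the ipset reload must
# be defined before iptables-persistent there if the rule sets reference
# these sets. Mode is quoted to avoid YAML octal/integer parsing.
- name: configure ipsets
  ansible.builtin.template:
    src: ipset.j2
    dest: "{{ firewall_ipset }}"
    owner: root
    group: root
    mode: "0600"
  notify:
    - reload ipset
    - iptables-persistent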
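# Render the IPv4 rule set. The file is root-only (quoted "0600" so YAML keeps
# it as the intended octal string) and any change triggers both the v4
# firewall restart and an iptables-persistent save/reload.
- name: configure IPv4 firewall
  ansible.builtin.template:
    src: iptables.j2
    dest: "{{ firewall_iptables_rules_v4 }}"
    owner: root
    group: root
    mode: "0600"
  notify:
    - restart firewall v4
    - iptables-persistent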
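# Render the IPv6 rule set, mirroring the IPv4 task above: same root-only
# ownership and quoted "0600" mode, with the v6 restart handler and the
# iptables-persistent handler notified on change.
- name: configure IPv6 firewall
  ansible.builtin.template:
    src: ip6tables.j2
    dest: "{{ firewall_iptables_rules_v6 }}"
    owner: root
    group: root
    mode: "0600"
  notify:
    - restart firewall v6
    - iptables-persistent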
# vim:ft=yaml.ansible: