ryanc/ansible
1
0
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

Change default iptables policy

Browse Source 
We have a final reject rule and this will prevent disconnections during a reload
This commit is contained in:
Ryan Cavicchioni 2019-11-24 19:01:07 -06:00
parent b8c39416de
commit 4ddd1ed439
Signed by: ryanc
GPG Key ID: 877EEDAF9245103D
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
roles/firewall/defaults/main.yaml
View File

@ -26,13 +26,13 @@ firewall_ipset_save_path: /etc/iptables/ipset
firewall_ipset_package_name: ipset firewall_ipset_package_name: ipset
firewall_ipset_package_state: present firewall_ipset_package_state: present
firewall_iptables_input_policy: DROP firewall_iptables_input_policy: ACCEPT
firewall_iptables_output_policy: ACCEPT firewall_iptables_output_policy: ACCEPT
firewall_iptables_forward_policy: DROP firewall_iptables_forward_policy: ACCEPT
firewall_iptables_input_policy_v6: DROP firewall_iptables_input_policy_v6: ACCEPT
firewall_iptables_output_policy_v6: ACCEPT firewall_iptables_output_policy_v6: ACCEPT
firewall_iptables_forward_policy_v6: DROP firewall_iptables_forward_policy_v6: ACCEPT
firewall_use_ulogd: true firewall_use_ulogd: true
firewall_ulogd_package_name: ulogd2 firewall_ulogd_package_name: ulogd2