ansible-ffibk/roles/network-iptables-gateway/tasks/main.yml

---
- name: install iptables packages
  package:
    name: "{{ item }}"
    state: present
  with_items:
    - iptables
    - iptables-persistent

- name: load netfilter modules
  modprobe:
    name: "{{ item }}"
    state: present
  with_items:
    - nf_conntrack
    - nf_conntrack_ipv4

- name: set netfilter sysctl settings
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
  with_items: "{{ sysctl_settings_netfilter }}"

- name: write iptables configuration
  template:
    src: rules.v4.j2
    dest: /etc/iptables/rules.v4
  notify: iptables-restore

- name: write ip6tables configuration
  template:
    src: rules.v6.j2
    dest: /etc/iptables/rules.v6
  notify: ip6tables-restore
Add role network-iptables-gateway - move netfilter specific sysctl settings 2017-10-02 11:18:16 +02:00			`---`
			`- name: install iptables packages`
Use package module where possible instead of apt 2017-10-11 17:53:20 +02:00			`package:`
Add role network-iptables-gateway - move netfilter specific sysctl settings 2017-10-02 11:18:16 +02:00			`name: "{{ item }}"`
			`state: present`
			`with_items:`
			`- iptables`
			`- iptables-persistent`

			`- name: load netfilter modules`
			`modprobe:`
			`name: "{{ item }}"`
			`state: present`
			`with_items:`
			`- nf_conntrack`
			`- nf_conntrack_ipv4`

			`- name: set netfilter sysctl settings`
			`sysctl:`
			`name: "{{ item.name }}"`
			`value: "{{ item.value }}"`
			`state: present`
			`with_items: "{{ sysctl_settings_netfilter }}"`

			`- name: write iptables configuration`
			`template:`
			`src: rules.v4.j2`
			`dest: /etc/iptables/rules.v4`
			`notify: iptables-restore`

			`- name: write ip6tables configuration`
			`template:`
			`src: rules.v6.j2`
			`dest: /etc/iptables/rules.v6`
			`notify: ip6tables-restore`