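---
# Host firewall tasks: install the iptables tooling, make sure the conntrack
# modules are loaded now and after reboot, apply netfilter sysctl tuning, then
# render the persistent rule files. The handlers this file notifies
# (iptables-restore / ip6tables-restore) are defined outside this file.

- name: install iptables packages
  package:
    # Pass the list to the package manager in one transaction rather than
    # looping the module once per package (loop-squashing for package modules
    # is deprecated in newer Ansible releases).
    name:
      - iptables
      - iptables-persistent
    state: present

- name: configure nf_conntrack module to load on system boot
  template:
    src: nf_conntrack.module.conf.j2
    dest: /etc/modules-load.d/nf_conntrack.conf
    # Explicit ownership and mode so the result does not depend on the remote
    # user's umask or on whatever mode a pre-existing file happened to have.
    owner: root
    group: root
    mode: "0644"

- name: load netfilter modules
  modprobe:
    name: "{{ item }}"
    state: present
  loop:
    - nf_conntrack
    # NOTE(review): nf_conntrack_ipv4 was merged into nf_conntrack in newer
    # kernels (4.19 and later), where this item has no module to load and the
    # task fails — confirm the kernel versions of the target hosts.
    - nf_conntrack_ipv4

- name: set netfilter sysctl settings
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
  # sysctl_settings_netfilter is defined outside this file (role vars or
  # defaults); each entry is expected to carry a name and a value.
  loop: "{{ sysctl_settings_netfilter }}"

- name: write iptables configuration
  template:
    src: rules.v4.j2
    dest: /etc/iptables/rules.v4
    owner: root
    group: root
    # Only root (iptables-restore) needs to read the ruleset; keep it out of
    # reach of other local users.
    mode: "0600"
    # Parse the rendered ruleset before installing it, so a template error
    # cannot leave the host with a broken or missing firewall at reload time.
    validate: iptables-restore --test %s
  notify: iptables-restore

- name: write ip6tables configuration
  template:
    src: rules.v6.j2
    dest: /etc/iptables/rules.v6
    owner: root
    group: root
    mode: "0600"
    validate: ip6tables-restore --test %s
  notify: ip6tables-restore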