# Stage a rendered rules file in a temporary location, validate it with the
# matching `<tool>-restore --test`, and only then install it at its final
# destination. `item` supplies `src`, `tool` and `dest`; it is presumably set
# by a loop in the file that includes these tasks (not visible here).

# No `become` on this task, so unless privilege escalation is enabled at a
# higher level the file is created by the connecting user. The template task
# below then sets root ownership and mode 640 on it.
- name: Create temporary file
  ansible.builtin.tempfile:
  register: rules_file

- name: Configure rules in temporary file
  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '{{ rules_file.path }}'
    owner: root
    group: root
    # Quoted so Ansible does the octal conversion itself; 640 leaves the
    # rendered rules unreadable to "other".
    mode: '640'
  become: true

# The path is printed so the staged file can be located from the play output.
- name: Print temporary file path
  ansible.builtin.debug:
    msg: 'Temporary rules file: {{ rules_file.path }}'

# If I simply restart the netfilter-persistent service, it happily restarts,
# effectively ignoring errors in files. That way the operator doesn't get
# feedback if the rules file is malformed.
#
# NOTE(review): when this check fails the play stops for the host by default,
# so "Remove temporary file" below does not run and the staged file stays at
# the path printed above.
- name: Check that rules are valid
  ansible.builtin.command:
    # argv form: the binary is executed directly with these arguments, so no
    # shell parses the templated values.
    argv:
      - '/usr/sbin/{{ item.tool }}-restore'
      # Assuming item.tool is iptables or ip6tables: parse and build the
      # ruleset without committing it.
      - --test
      - '{{ rules_file.path }}'
  become: true
  # Validation only; nothing on the host is modified by this task.
  changed_when: false

- name: Copy rules to /etc/iptables
  ansible.builtin.copy:
    # The source is the staged file on the managed host, not on the controller.
    remote_src: true
    src: '{{ rules_file.path }}'
    dest: '{{ item.dest }}'
    owner: root
    group: root
    mode: '640'
  become: true
  # The "Reboot" handler is defined elsewhere; it is notified only when the
  # installed file actually changed.
  notify: Reboot

- name: Remove temporary file
  ansible.builtin.file:
    path: '{{ rules_file.path }}'
    state: absent
  become: true