path: root/roles/firewall/tasks/main.yml
authorEgor Tensin <Egor.Tensin@gmail.com>2023-08-10 20:21:18 +0200
committerEgor Tensin <Egor.Tensin@gmail.com>2023-08-10 20:46:16 +0200
commit2886694a77ad37d64b2ef5b2d181fa046dab4055 (patch)
treec3d21c680b70a80f5eea0b94f51e8cf26b2e1ee5 /roles/firewall/tasks/main.yml
parentv0.0.8 (diff)
firewall: don't put invalid rules in /etc/iptables/
Diffstat (limited to '')
-rw-r--r--roles/firewall/tasks/main.yml30
1 files changed, 4 insertions, 26 deletions
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index 787701c..95d02d3 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -5,33 +5,11 @@
name: iptables-persistent
state: present
-- name: Configure rules
- become: true
- ansible.builtin.template:
- src: '{{ item.src }}'
- dest: '{{ item.dest }}'
- owner: root
- group: root
- mode: '640'
- loop:
- - {src: rules.v4, dest: /etc/iptables/rules.v4}
- - {src: rules.v6, dest: /etc/iptables/rules.v6}
- notify: Reboot
-
-# If I simply restart the netfilter-persistent service, it happily restarts,
-# effectively ignoring errors in files. That way the operator doesn't get
-# feedback if the rules file is malformed.
-- name: Check that the rule files are valid
- become: true
- ansible.builtin.command:
- argv:
- - '/usr/sbin/{{ item.iptables }}-restore'
- - --test
- - '{{ item.dest }}'
- changed_when: false
+- name: Configure rule files
+ ansible.builtin.include_tasks: file.yml
loop:
- - {iptables: iptables, dest: /etc/iptables/rules.v4}
- - {iptables: ip6tables, dest: /etc/iptables/rules.v6}
+ - {src: rules.v4, dest: /etc/iptables/rules.v4, tool: iptables}
+ - {src: rules.v6, dest: /etc/iptables/rules.v6, tool: ip6tables}
- name: Reboot if necessary
ansible.builtin.meta: flush_handlers
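Review bot: The `include_tasks: file.yml` task is looped, so every task inside file.yml sees the outer entry as `item`; if file.yml has any loop of its own (not visible here), that inner `item` silently shadows the outer one, so it is safer to pin the name with `loop_control: {loop_var: rule_file}` on the include and read `rule_file.src` / `rule_file.dest` / `rule_file.tool` in file.yml. A lighter alternative to a separate task file is the template module's own pre-install check, `validate: '/usr/sbin/{{ item.tool }}-restore --test %s'`, which runs the test on the rendered temporary file and never moves a malformed ruleset into /etc/iptables/ — which is exactly what the commit title asks for, unless file.yml needs more than that. The removed task also set `owner: root`, `group: root`, `mode: '640'`; whether file.yml keeps those is outside this hunk, and the rules files should not become world-readable in the move. The `tool` values end up in an executable path, so keep them as fixed literals in this loop as done here rather than host- or inventory-supplied variables.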