authorEgor Tensin <Egor.Tensin@gmail.com>2023-09-01 01:52:17 +0200
committerEgor Tensin <Egor.Tensin@gmail.com>2023-09-01 01:56:40 +0200
commita3d39b262e525937bfbbd0abb6e5b9e36668d6a6 (patch)
tree60437573320fad15800eb3086ca1639d40f887be /roles/firewall/tasks/main.yml
parentfix some ansible-lint warnings (diff)
firewall: using the validate arg for testing the config
Diffstat (limited to 'roles/firewall/tasks/main.yml')
-rw-r--r--roles/firewall/tasks/main.yml10
1 files changed, 9 insertions, 1 deletions
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index c17a4e3..909eaa4 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -6,7 +6,15 @@
install_recommends: false
- name: Configure rule files
- ansible.builtin.include_tasks: file.yml
+ become: true
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: root
+ mode: '640'
+ validate: '/usr/sbin/{{ item.tool }}-restore --test %s'
+ notify: firewall_reboot
loop:
- {src: rules.v4.j2, dest: /etc/iptables/rules.v4, tool: iptables}
- {src: rules.v6.j2, dest: /etc/iptables/rules.v6, tool: ip6tables}
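Review bot: The `validate` line in the `Configure rule files` task only proves that `iptables-restore --test` / `ip6tables-restore --test` can parse and build the rendered ruleset. It says nothing about whether the policy still admits management traffic, so a comment above it should state that limit, e.g. `# --test parses the rendered rules without committing them; it does not check the policy itself`. The command path is assembled from `item.tool`, which is fine here because the loop holds two literals, but a note next to the loop should say that `tool` must stay a fixed name and never come from inventory variables. The `firewall_reboot` handler is defined outside this hunk, so presumably the validated file only takes effect once that handler runs, which is worth confirming. As a style point, `mode: '0640'` with the leading zero is the more common spelling, though the quoted `'640'` is interpreted the same way.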