add firewall role

author: Egor Tensin <Egor.Tensin@gmail.com> 2023-08-08 20:14:32 +0200
committer: Egor Tensin <Egor.Tensin@gmail.com> 2023-08-08 22:17:16 +0200
commit: bc2d42aab02b5ef9e27ee59a03543b41d99adf04 (patch)
tree: a84f4ff375e1be7893de190c0f67cd8b64717958 /roles/firewall/tasks
parent: v0.0.3 (diff)
download: infra-ansible-bc2d42aab02b5ef9e27ee59a03543b41d99adf04.tar.gz
infra-ansible-bc2d42aab02b5ef9e27ee59a03543b41d99adf04.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..9fcf543
--- /dev/null
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Install iptables-persistent
+  become: true
+  ansible.builtin.apt:
+    install_recommends: false
+    name: iptables-persistent
+    state: present
+
+- name: 'Configure rules'
+  become: true
+  ansible.builtin.template:
+    src: '{{ item.src }}'
+    dest: '{{ item.dest }}'
+    owner: root
+    group: root
+    mode: '640'
+  loop:
+    - {src: rules.v4, dest: /etc/iptables/rules.v4}
+    - {src: rules.v6, dest: /etc/iptables/rules.v6}
+  notify: Reload iptables
+
+- name: Flush handlers
+  ansible.builtin.meta: flush_handlers
author	Egor Tensin <Egor.Tensin@gmail.com>	2023-08-08 20:14:32 +0200
committer	Egor Tensin <Egor.Tensin@gmail.com>	2023-08-08 22:17:16 +0200
commit	bc2d42aab02b5ef9e27ee59a03543b41d99adf04 (patch)
tree	a84f4ff375e1be7893de190c0f67cd8b64717958 /roles/firewall/tasks
parent	v0.0.3 (diff)
download	infra-ansible-bc2d42aab02b5ef9e27ee59a03543b41d99adf04.tar.gz infra-ansible-bc2d42aab02b5ef9e27ee59a03543b41d99adf04.zip