Diffstat (limited to '')
-rw-r--r-- | roles/firewall/tasks/file.yml | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/roles/firewall/tasks/file.yml b/roles/firewall/tasks/file.yml
new file mode 100644
index 0000000..a703d3b
--- /dev/null
+++ b/roles/firewall/tasks/file.yml
@@ -0,0 +1,45 @@
+- name: Create a temporary file
+ ansible.builtin.tempfile:
+ register: rules_file
+
+- name: Configure rules in a temporary file
+ become: true
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ rules_file.path }}'
+ owner: root
+ group: root
+ mode: '640'
+
+- name: Print temporary file path
+ ansible.builtin.debug:
+ msg: 'Temporary rules file: {{ rules_file.path }}'
+
+# If I simply restart the netfilter-persistent service, it happily restarts,
+# effectively ignoring errors in files. That way the operator doesn't get
+# feedback if the rules file is malformed.
+- name: Check that the rules are valid
+ become: true
+ ansible.builtin.command:
+ argv:
+ - '/usr/sbin/{{ item.tool }}-restore'
+ - --test
+ - '{{ rules_file.path }}'
+ changed_when: false
+
+- name: Copy rules to /etc/iptables
+ become: true
+ ansible.builtin.copy:
+ remote_src: true
+ src: '{{ rules_file.path }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: root
+ mode: '640'
+ notify: Reboot
+
+- name: Remove temporary file
+ become: true
+ ansible.builtin.file:
+ path: '{{ rules_file.path }}'
+ state: absent |
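Review bot: When "Check that the rules are valid" fails, the play stops there and "Remove temporary file" never runs, so the rendered rules file is left behind in the temp directory on every failed run; either wrap the five tasks in a `block:` with the removal under `always:`, or drop the temp-file dance entirely and let the template module validate for you, `validate: '/usr/sbin/{{ item.tool }}-restore --test %s'` on the template task writing straight to `'{{ item.dest }}'`, which also removes the separate command, copy and remove tasks. The first task is the only one without `become: true`, so the temp file is created in the connecting user's temp location and then chowned to root:root by the template task; if that asymmetry is intended, a one-line comment saying so would help, e.g. `# tempfile runs unprivileged on purpose; template below takes ownership as root`. The `notify: Reboot` on the copy task reboots the host whenever the rules file changes, which looks heavier than the netfilter-persistent reload the comment above discusses; if a reboot is really required (say the rules only load at boot), a short comment on that line would save the next reader a question. The task list is included with `item.src`, `item.tool` and `item.dest` from a loop variable defined outside this file, so the expected shape of `item` is worth documenting at the top of the file.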