Diffstat (limited to 'roles/firewall/tasks/main.yml')
-rw-r--r-- | roles/firewall/tasks/main.yml | 30 |
1 files changed, 4 insertions, 26 deletions
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index 787701c..95d02d3 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -5,33 +5,11 @@
     name: iptables-persistent
     state: present
 
-- name: Configure rules
-  become: true
-  ansible.builtin.template:
-    src: '{{ item.src }}'
-    dest: '{{ item.dest }}'
-    owner: root
-    group: root
-    mode: '640'
-  loop:
-    - {src: rules.v4, dest: /etc/iptables/rules.v4}
-    - {src: rules.v6, dest: /etc/iptables/rules.v6}
-  notify: Reboot
-
-# If I simply restart the netfilter-persistent service, it happily restarts,
-# effectively ignoring errors in files. That way the operator doesn't get
-# feedback if the rules file is malformed.
-- name: Check that the rule files are valid
-  become: true
-  ansible.builtin.command:
-    argv:
-      - '/usr/sbin/{{ item.iptables }}-restore'
-      - --test
-      - '{{ item.dest }}'
-  changed_when: false
+- name: Configure rule files
+  ansible.builtin.include_tasks: file.yml
   loop:
-    - {iptables: iptables, dest: /etc/iptables/rules.v4}
-    - {iptables: ip6tables, dest: /etc/iptables/rules.v6}
+    - {src: rules.v4, dest: /etc/iptables/rules.v4, tool: iptables}
+    - {src: rules.v6, dest: /etc/iptables/rules.v6, tool: ip6tables}
 
 - name: Reboot if necessary
   ansible.builtin.meta: flush_handlers
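Review bot: The new `Configure rule files` task delegates to `file.yml`, which is outside this diff, so it cannot be seen here whether the `iptables-restore --test` check, the `mode: '640'` with root ownership, and the `become: true` that the removed tasks carried survive the move; keywords set on an `include_tasks` are not applied to the included tasks, so `become` has to be set inside `file.yml` or via the include's `apply:` option. The removed sequence also wrote the rules file first and validated it afterwards, so a malformed template still landed under `/etc/iptables/` for netfilter-persistent to presumably load at the next boot; the template task in `file.yml` should validate before install with `validate: '/usr/sbin/{{ item.tool }}-restore --test %s'`, which makes a separate check task unnecessary. The rationale comment dropped with the check (`# If I simply restart the netfilter-persistent service …`) belongs next to that `validate:` line. Consider `loop_control: {loop_var: rule_file}` on the include so that any loop inside `file.yml` does not shadow `item`.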