Diffstat (limited to 'roles/firewall/tasks/main.yml')
-rw-r--r-- | roles/firewall/tasks/main.yml | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index 345f6a6..787701c 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -5,7 +5,7 @@
     name: iptables-persistent
     state: present
 
-- name: 'Configure rules'
+- name: Configure rules
   become: true
   ansible.builtin.template:
     src: '{{ item.src }}'
@@ -18,5 +18,20 @@
     - {src: rules.v6, dest: /etc/iptables/rules.v6}
   notify: Reboot
 
+# If I simply restart the netfilter-persistent service, it happily restarts,
+# effectively ignoring errors in files. That way the operator doesn't get
+# feedback if the rules file is malformed.
+- name: Check that the rule files are valid
+  become: true
+  ansible.builtin.command:
+    argv:
+      - '/usr/sbin/{{ item.iptables }}-restore'
+      - --test
+      - '{{ item.dest }}'
+  changed_when: false
+  loop:
+    - {iptables: iptables, dest: /etc/iptables/rules.v4}
+    - {iptables: ip6tables, dest: /etc/iptables/rules.v6}
+
 - name: Reboot if necessary
   ansible.builtin.meta: flush_handlers |
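Review bot: The new `Check that the rule files are valid` task runs `--test` only after the `Configure rules` template task has already written /etc/iptables/rules.v4 and rules.v6, so a failed check aborts the play but leaves the malformed file on disk for the next netfilter-persistent start or reboot to load. The template module's `validate` option runs the check against the rendered temporary file before it is moved into place, closing that window: add `validate: '/usr/sbin/{{ item.iptables }}-restore --test %s'` to the `Configure rules` task and an `iptables: iptables` / `iptables: ip6tables` key to its two loop items, after which the separate check task is redundant. The `Configure rules` task and its first loop item lie partly outside these hunks, so the exact loop lines to change are not all visible here.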