From bc2d42aab02b5ef9e27ee59a03543b41d99adf04 Mon Sep 17 00:00:00 2001
From: Egor Tensin
Date: Tue, 8 Aug 2023 20:14:32 +0200
Subject: add firewall role
---
roles/firewall/tasks/main.yml | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 roles/firewall/tasks/main.yml
(limited to 'roles/firewall/tasks/main.yml')
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..9fcf543
--- /dev/null
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Install iptables-persistent
+ become: true
+ ansible.builtin.apt:
+ install_recommends: false
+ name: iptables-persistent
+ state: present
+
+- name: 'Configure rules'
+ become: true
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ item.dest }}'
+ owner: root
+ group: root
+ mode: '640'
+ loop:
+ - {src: rules.v4, dest: /etc/iptables/rules.v4}
+ - {src: rules.v6, dest: /etc/iptables/rules.v6}
+ notify: Reload iptables
+
+- name: Flush handlers
+ ansible.builtin.meta: flush_handlers
-- cgit v1.2.3
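Review bot: The 'Configure rules' task writes the rendered rules.v4 and rules.v6 straight into /etc/iptables with no `validate:` step, so a template that renders to a syntactically broken ruleset is installed and then picked up by the 'Reload iptables' handler, which the final `flush_handlers` task runs immediately. The handler is defined outside this file, so how it behaves on a bad file is not visible here, but on a firewall role a failed reload can leave the host with an unintended ruleset or cut off the management connection. Consider adding `validate: '{{ item.check }} --test %s'` to the template arguments and a `check` key to each loop item (`check: iptables-restore` for rules.v4, `check: ip6tables-restore` for rules.v6), so a file that does not parse is rejected before it replaces the current one.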