---
# Installs one persistent netfilter ruleset in three stages: render it to a
# scratch file, validate it with the restore tool's parse-only mode, and only
# then copy it into place. The `item` fields used here (src, tool, dest) are
# presumably supplied by the loop of whatever include pulls this file in —
# confirm against the caller.

# NOTE(review): this is the only task without `become`, so the scratch file
# starts out owned by the connecting user in the shared tmp directory; the
# template task right below re-writes it as root. Running this step under
# become as well would keep the ownership consistent from creation — confirm
# that nothing relies on the unprivileged owner.
- name: Create temporary file
  ansible.builtin.tempfile:
  register: rules_file

# Rendered as root with the same ownership and mode the installed file gets,
# so the ruleset is never world-readable while it sits in the tmp directory.
- name: Configure rules in temporary file
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ rules_file.path }}"
    owner: root
    group: root
    mode: "640"
  become: true

# Printed before validation so the operator can locate the rendered file when
# the check below fails and the play stops ahead of the cleanup task.
- name: Print temporary file path
  ansible.builtin.debug:
    msg: "Temporary rules file: {{ rules_file.path }}"

# Restarting netfilter-persistent alone is not enough: it restarts happily and
# effectively ignores errors in the rules files, so a malformed ruleset would
# give the operator no feedback. `--test` makes the restore tool parse the file
# without committing it; the command changes nothing, hence changed_when.
- name: Check that rules are valid
  ansible.builtin.command:
    argv:
      - "/usr/sbin/{{ item.tool }}-restore"
      - "--test"
      - "{{ rules_file.path }}"
  become: true
  changed_when: false

# The validated file is copied from the remote host itself (remote_src), then
# the firewall_reboot handler (defined elsewhere) is notified.
- name: Copy rules to /etc/iptables
  ansible.builtin.copy:
    remote_src: true
    src: "{{ rules_file.path }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "640"
  become: true
  notify: firewall_reboot

# Only reached when every previous task succeeded (by default a failed task
# stops the play for the host), so a rejected ruleset is left at the printed
# path for inspection rather than removed.
- name: Remove temporary file
  ansible.builtin.file:
    path: "{{ rules_file.path }}"
    state: absent
  become: true