| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 |
- ---
- - name: Install iptables packages
- yum:
- name: "{{ item }}"
- state: present
- with_items:
- - iptables
- - iptables-services
- - name: Start and enable iptables services
- service:
- name: "{{ os_firewall_svc }}"
- state: started
- enabled: yes
- with_items:
- - iptables
- - ip6tables
- register: result
- - name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail
- pause: seconds=10
- when: result | changed
- - name: Ensure firewalld service is not enabled
- service:
- name: firewalld
- state: stopped
- enabled: no
- - name: Mask firewalld service
- command: systemctl mask firewalld
- register: result
- failed_when: result.rc != 0
- changed_when: False
- ignore_errors: yes
- - name: Add iptables allow rules
- os_firewall_manage_iptables:
- name: "{{ item.service }}"
- action: add
- protocol: "{{ item.port.split('/')[1] }}"
- port: "{{ item.port.split('/')[0] }}"
- with_items: allow
- when: allow is defined
- - name: Remove iptables rules
- os_firewall_manage_iptables:
- name: "{{ item.service }}"
- action: remove
- protocol: "{{ item.port.split('/')[1] }}"
- port: "{{ item.port.split('/')[0] }}"
- with_items: deny
- when: deny is defined
|
