| 1234567891011121314151617181920212223242526272829303132 |
- ---
- - name: Netmaster IPtables | Add internal rules
- iptables:
- action: insert
- chain: INPUT
- # Parsed from the contiv_netmaster_internal list, this will be tcp or udp.
- protocol: "{{ item[0].split('/')[1] }}"
- match: "{{ item[0].split('/')[1] }}"
- # Parsed from the contiv_netmaster_internal list, this will be a port number.
- destination_port: "{{ item[0].split('/')[0] }}"
- # This is an IP address from a node in the cluster.
- source: "{{ item[1] }}"
- jump: ACCEPT
- comment: contiv
- with_nested:
- - "{{ contiv_netmaster_internal }}"
- - "{{ groups.oo_nodes_to_config|difference(hostvars[inventory_hostname]['ansible_' + contiv_netmaster_interface].ipv4.address)|list }}"
- notify: Save iptables rules
- - name: Netmaster IPtables | Add external rules
- iptables:
- action: insert
- chain: INPUT
- # Parsed from the contiv_netmaster_external list, this will be tcp or udp.
- protocol: "{{ item.split('/')[1] }}"
- match: "{{ item.split('/')[1] }}"
- # Parsed from the contiv_netmaster_external list, this will be a port number.
- destination_port: "{{ item.split('/')[0] }}"
- jump: ACCEPT
- comment: contiv
- with_items: "{{ contiv_netmaster_external }}"
- notify: Save iptables rules
|
