44 lines
1.1 KiB
YAML
44 lines
1.1 KiB
YAML
---
|
|
- name: Ensure iptables is installed.
|
|
package: name=iptables state=installed
|
|
|
|
- name: Flush iptables the first time playbook runs.
|
|
command: >
|
|
iptables -F
|
|
creates=/etc/firewall.bash
|
|
|
|
- name: Copy firewall script into place.
|
|
template:
|
|
src: firewall.bash.j2
|
|
dest: /etc/firewall.bash
|
|
owner: root
|
|
group: root
|
|
mode: 0744
|
|
notify: restart firewall
|
|
|
|
- name: Copy firewall init script into place.
|
|
template:
|
|
src: firewall.init.j2
|
|
dest: /etc/init.d/firewall
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
when: "ansible_service_mgr != 'systemd'"
|
|
|
|
- name: Copy firewall systemd unit file into place (for systemd systems).
|
|
template:
|
|
src: firewall.unit.j2
|
|
dest: /etc/systemd/system/firewall.service
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
when: "ansible_service_mgr == 'systemd'"
|
|
|
|
- name: Configure the firewall service.
|
|
service:
|
|
name: firewall
|
|
state: "{{ firewall_state }}"
|
|
enabled: "{{ firewall_enabled_at_boot }}"
|
|
|
|
- include: disable-other-firewalls.yml
|
|
when: firewall_disable_firewalld or firewall_disable_ufw
|