ansible-playbooks/ubuntu/roles/firewall-ruleset-deploy/tasks/main.yml

---
# This role deploys firewall rulesets to Ubuntu hosts

- name: Make sure iptables and netfilter-persistent are installed
  apt:
    name: "{{ packages }}"
    state: latest
  vars:
    packages:
    - iptables-persistent
    - netfilter-persistent
    - ipset

- name: Copy defaults file with our mods
  copy:
    src: netfilter-persistent
    dest: /etc/default/netfilter-persistent

- name: Copy IPv4 ruleset
  copy:
    src: "{{ ansible_fqdn }}.rules.v4"
    dest: /etc/iptables/rules.v4
  notify:
    - restart netfilter-persistent-v4

- name: Copy IPv6 ruleset
  copy:
    src: "{{ ansible_fqdn }}.rules.v6"
    dest: /etc/iptables/rules.v6
  notify:
    - restart netfilter-persistent-v6
add firewall-ruleset-deploy playbook and gard's ruleset 2019-08-22 01:52:12 +00:00			`---`
			`# This role deploys firewall rulesets to Ubuntu hosts`

			`- name: Make sure iptables and netfilter-persistent are installed`
			`apt:`
			`name: "{{ packages }}"`
			`state: latest`
			`vars:`
			`packages:`
			`- iptables-persistent`
			`- netfilter-persistent`
add ipset package install to ubuntu/roles/firewall-ruleset-deploy/tasks/main.yml 2019-11-17 21:22:19 +00:00			`- ipset`
add firewall-ruleset-deploy playbook and gard's ruleset 2019-08-22 01:52:12 +00:00
we use a default file for netfilter-persistent 2020-04-15 02:29:49 +00:00			`- name: Copy defaults file with our mods`
			`copy:`
			`src: netfilter-persistent`
			`dest: /etc/default/netfilter-persistent`

add firewall-ruleset-deploy playbook and gard's ruleset 2019-08-22 01:52:12 +00:00			`- name: Copy IPv4 ruleset`
			`copy:`
maybe fully enclosed? 2019-08-22 02:00:41 +00:00			`src: "{{ ansible_fqdn }}.rules.v4"`
add firewall-ruleset-deploy playbook and gard's ruleset 2019-08-22 01:52:12 +00:00			`dest: /etc/iptables/rules.v4`
add handlers to firewall-ruleset-deploy 2019-08-26 01:08:25 +00:00			`notify:`
			`- restart netfilter-persistent-v4`
add firewall-ruleset-deploy playbook and gard's ruleset 2019-08-22 01:52:12 +00:00
			`- name: Copy IPv6 ruleset`
			`copy:`
maybe fully enclosed? 2019-08-22 02:00:41 +00:00			`src: "{{ ansible_fqdn }}.rules.v6"`
add firewall-ruleset-deploy playbook and gard's ruleset 2019-08-22 01:52:12 +00:00			`dest: /etc/iptables/rules.v6`
add handlers to firewall-ruleset-deploy 2019-08-26 01:08:25 +00:00			`notify:`
			`- restart netfilter-persistent-v6`