let's try this again with destroy

2020-04-14 22:15:06 -04:00 · 2020-04-14 22:15:06 -04:00 · 53d62d54f5
parent 377a5bcebf
commit 53d62d54f5
2 changed files with 3 additions and 3 deletions
--- a/ubuntu/roles/firewall-ruleset-deploy/files/deirdre.asininetech.net.rules.v4
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/deirdre.asininetech.net.rules.v4
@ -4,7 +4,7 @@
 :INPUT DROP
 :FORWARD DROP
 :OUTPUT DROP
-#-A INPUT -m set --match-set nasties src -j DROP
+-A INPUT -m set --match-set nasties src -j DROP
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
--- a/ubuntu/roles/ipset-deploy/tasks/main.yml
+++ b/ubuntu/roles/ipset-deploy/tasks/main.yml
@ -1,9 +1,9 @@
 ---
 # This role deploys ipset rulesets to Ubuntu hosts

- name: Flush any existing ipsets
+- name: Destroy any existing ipsets
  shell:
-    cmd: /sbin/ipset flush
+    cmd: /sbin/ipset destroy

 - name: Copy ipset.service
  copy: