32 lines
698 B
YAML
32 lines
698 B
YAML
---
|
|
# This role deploys firewall rulesets to Ubuntu hosts
|
|
|
|
- name: Make sure iptables and netfilter-persistent are installed
|
|
apt:
|
|
name: "{{ packages }}"
|
|
state: latest
|
|
vars:
|
|
packages:
|
|
- iptables-persistent
|
|
- netfilter-persistent
|
|
- ipset
|
|
|
|
- name: Copy defaults file with our mods
|
|
copy:
|
|
src: netfilter-persistent
|
|
dest: /etc/default/netfilter-persistent
|
|
|
|
- name: Copy IPv4 ruleset
|
|
copy:
|
|
src: "{{ ansible_fqdn }}.rules.v4"
|
|
dest: /etc/iptables/rules.v4
|
|
notify:
|
|
- restart netfilter-persistent-v4
|
|
|
|
- name: Copy IPv6 ruleset
|
|
copy:
|
|
src: "{{ ansible_fqdn }}.rules.v6"
|
|
dest: /etc/iptables/rules.v6
|
|
notify:
|
|
- restart netfilter-persistent-v6
|