author | Guilhem Moulin <guilhem@fripost.org> | 2013-10-30 21:06:51 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-07 02:50:28 +0200 |
commit | fbde929fce7405f018fc66bb5796bf0a16292913 (patch) | |
tree | 25be7bfa8547295694be7658d41cdc9e33423b2a /roles/common/tasks | |
parent | e54c9bc8d96bdef1c9a5634f5cff3b66f38f487e (diff) |
Configure v4 and v6 iptable rulesets.
Diffstat (limited to 'roles/common/tasks')
-rw-r--r-- | roles/common/tasks/firewall.yml | 34 | ||||
-rw-r--r-- | roles/common/tasks/main.yml | 1 |
2 files changed, 35 insertions, 0 deletions
diff --git a/roles/common/tasks/firewall.yml b/roles/common/tasks/firewall.yml
new file mode 100644
index 0000000..2913a9e
--- /dev/null
+++ b/roles/common/tasks/firewall.yml
@@ -0,0 +1,34 @@
+- name: Install some packages required for the firewall
+ apt: pkg={{ item }}
+ with_items:
+ - iptables
+ - netmask
+ - bsdutils
+
+- name: Create directory /etc/iptables
+ file: path=/etc/iptables
+ owner=root group=root
+ state=directory
+ mode=0755
+
+- name: Generate /etc/iptables/services
+ template: src=etc/iptables/services.j2
+ dest=/etc/iptables/services
+ owner=root group=root
+ mode=0600
+ notify:
+ - Unsafe firewall update
+
+- name: Copy /usr/local/sbin/update-firewall.sh
+ copy: src=usr/local/sbin/update-firewall.sh
+ dest=/usr/local/sbin/update-firewall.sh
+ owner=root group=root
+ mode=0755
+ notify:
+ - Unsafe firewall update
+
+- name: Make the iptable ruleset persistent
+ copy: src=etc/network/if-pre-up.d/iptables
+ dest=/etc/network/if-pre-up.d/iptables
+ owner=root group=root
+ mode=0755
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index d6a4266..460ffdd 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -2,3 +2,4 @@
 - include: sysctl.yml tags=sysctl
 - include: hosts.yml
 - include: apt.yml tags=apt
+- include: firewall.yml tags=firewall,iptables |
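Review bot: In the new firewall.yml the ruleset is only ever applied through the `Unsafe firewall update` handler, which the `Generate /etc/iptables/services` and `Copy /usr/local/sbin/update-firewall.sh` tasks notify. If a play aborts after those tasks report a change but before handlers are flushed, the files are already in place and later runs will not notify again, so the host can be left without the intended ruleset loaded. The handler is defined outside this hunk, so what "unsafe" covers cannot be judged from here. I would either add a task that verifies the running ruleset against the expected one, or add a comment at the top of the file such as `# Handlers apply the ruleset; run with --force-handlers, or re-run update-firewall.sh by hand after a failed play`. The last task installs `/etc/network/if-pre-up.d/iptables` without a notify; a short comment saying that it only takes effect at the next interface bring-up, and how the hook behaves when no saved ruleset exists yet, would make the first-run state clear.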