authorGuilhem Moulin <guilhem@fripost.org>2013-10-30 21:06:51 +0100
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:50:28 +0200
commitfbde929fce7405f018fc66bb5796bf0a16292913 (patch)
tree25be7bfa8547295694be7658d41cdc9e33423b2a /roles/common/tasks
parente54c9bc8d96bdef1c9a5634f5cff3b66f38f487e (diff)
Configure v4 and v6 iptable rulesets.
Diffstat (limited to 'roles/common/tasks')
-rw-r--r--roles/common/tasks/firewall.yml34
-rw-r--r--roles/common/tasks/main.yml1
2 files changed, 35 insertions, 0 deletions
diff --git a/roles/common/tasks/firewall.yml b/roles/common/tasks/firewall.yml
new file mode 100644
index 0000000..2913a9e
--- /dev/null
+++ b/roles/common/tasks/firewall.yml
@@ -0,0 +1,34 @@
+- name: Install some packages required for the firewall
+ apt: pkg={{ item }}
+ with_items:
+ - iptables
+ - netmask
+ - bsdutils
+
+- name: Create directory /etc/iptables
+ file: path=/etc/iptables
+ owner=root group=root
+ state=directory
+ mode=0755
+
+- name: Generate /etc/iptables/services
+ template: src=etc/iptables/services.j2
+ dest=/etc/iptables/services
+ owner=root group=root
+ mode=0600
+ notify:
+ - Unsafe firewall update
+
+- name: Copy /usr/local/sbin/update-firewall.sh
+ copy: src=usr/local/sbin/update-firewall.sh
+ dest=/usr/local/sbin/update-firewall.sh
+ owner=root group=root
+ mode=0755
+ notify:
+ - Unsafe firewall update
+
+- name: Make the iptable ruleset persistent
+ copy: src=etc/network/if-pre-up.d/iptables
+ dest=/etc/network/if-pre-up.d/iptables
+ owner=root group=root
+ mode=0755
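Review bot: The three tasks that install `/etc/iptables/services`, `update-firewall.sh` and the `if-pre-up.d/iptables` hook in this hunk carry no comment explaining the "Unsafe firewall update" handler they notify (the handler itself is defined outside this hunk), nor why the last task installs the persistence hook without notifying anything; a reader cannot tell whether a changed hook is expected to take effect only at the next interface up. I would add above the `Generate /etc/iptables/services` task a comment such as `# Changes here re-apply the live ruleset via the 'Unsafe firewall update' handler; a bad ruleset can lock out remote access, so review the template before running this role` and above the last task `# The if-pre-up.d hook only reloads the saved rules at boot/ifup; it is deliberately not notified here`, adjusting the second if the handler does cover it. Stylistically, the `key=value` argument strings (`file: path=/etc/iptables ...`, `copy: src=... mode=0755`) are the pre-block-YAML form; if they are converted to block arguments the octal modes must become quoted strings (`mode: "0755"`, `mode: "0600"`), since as plain scalars they would be read as the integers 493 and 384.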
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index d6a4266..460ffdd 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -2,3 +2,4 @@
- include: sysctl.yml tags=sysctl
- include: hosts.yml
- include: apt.yml tags=apt
+- include: firewall.yml tags=firewall,iptables