Diffstat (limited to 'roles/common/tasks/firewall.yml')
| -rw-r--r-- | roles/common/tasks/firewall.yml | 34 | 
1 files changed, 34 insertions, 0 deletions
|
diff --git a/roles/common/tasks/firewall.yml b/roles/common/tasks/firewall.yml
new file mode 100644
index 0000000..2913a9e
--- /dev/null
+++ b/roles/common/tasks/firewall.yml
@@ -0,0 +1,34 @@
+- name: Install some packages required for the firewall
+  apt: pkg={{ item }}
+  with_items:
+    - iptables
+    - netmask
+    - bsdutils
+
+- name: Create directory /etc/iptables
+  file: path=/etc/iptables
+        owner=root group=root
+        state=directory
+        mode=0755
+
+- name: Generate /etc/iptables/services
+  template: src=etc/iptables/services.j2
+            dest=/etc/iptables/services
+            owner=root group=root
+            mode=0600
+  notify:
+    - Unsafe firewall update
+
+- name: Copy /usr/local/sbin/update-firewall.sh
+  copy: src=usr/local/sbin/update-firewall.sh
+        dest=/usr/local/sbin/update-firewall.sh
+        owner=root group=root
+        mode=0755
+  notify:
+    - Unsafe firewall update
+
+- name: Make the iptable ruleset persistent
+  copy: src=etc/network/if-pre-up.d/iptables
+        dest=/etc/network/if-pre-up.d/iptables
+        owner=root group=root
+        mode=0755
|
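Review bot: The two tasks that notify `Unsafe firewall update` ("Generate /etc/iptables/services" and "Copy /usr/local/sbin/update-firewall.sh") replace the firewall's inputs without keeping the previous copy, so a bad render of services.j2 or a broken script leaves nothing on the host to roll back to once the handler has applied it. Adding `backup=yes` to both tasks would keep the prior file; the handler is defined outside this diff, so whether it protects against locking out the management connection cannot be judged from here. The last task installs the if-pre-up.d hook but notifies nothing and does not check that a ruleset exists for it to load, so it is worth confirming how the hook behaves on a first boot before the handler has ever run. As a point of style, the multi-line `key=value` arguments are easier to review as native YAML mappings with the mode quoted, e.g. `mode: "0600"`.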
