From fbde929fce7405f018fc66bb5796bf0a16292913 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 30 Oct 2013 21:06:51 +0100
Subject: Configure v4 and v6 iptable rulesets.
---
roles/common/tasks/firewall.yml | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 roles/common/tasks/firewall.yml
(limited to 'roles/common/tasks/firewall.yml')
diff --git a/roles/common/tasks/firewall.yml b/roles/common/tasks/firewall.yml
new file mode 100644
index 0000000..2913a9e
--- /dev/null
+++ b/roles/common/tasks/firewall.yml
@@ -0,0 +1,34 @@
+- name: Install some packages required for the firewall
+ apt: pkg={{ item }}
+ with_items:
+ - iptables
+ - netmask
+ - bsdutils
+
+- name: Create directory /etc/iptables
+ file: path=/etc/iptables
+ owner=root group=root
+ state=directory
+ mode=0755
+
+- name: Generate /etc/iptables/services
+ template: src=etc/iptables/services.j2
+ dest=/etc/iptables/services
+ owner=root group=root
+ mode=0600
+ notify:
+ - Unsafe firewall update
+
+- name: Copy /usr/local/sbin/update-firewall.sh
+ copy: src=usr/local/sbin/update-firewall.sh
+ dest=/usr/local/sbin/update-firewall.sh
+ owner=root group=root
+ mode=0755
+ notify:
+ - Unsafe firewall update
+
+- name: Make the iptable ruleset persistent
+ copy: src=etc/network/if-pre-up.d/iptables
+ dest=/etc/network/if-pre-up.d/iptables
+ owner=root group=root
+ mode=0755
-- cgit v1.2.3
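Review bot: The last task, "Make the iptable ruleset persistent", installs an executable hook in /etc/network/if-pre-up.d, but nothing in this file ensures the ruleset it is meant to restore exists before the next boot or ifup. The "Unsafe firewall update" handler is notified only by the services template and the update-firewall.sh copy, and Ansible runs handlers at the end of the play, so a play that fails in between leaves the hook installed without freshly generated rules. The hook script and the handler are outside this hunk, so this is inferred: if the hook exits non-zero when no saved ruleset is present, ifupdown may refuse to bring the interface up, which on a remote host means losing access. I would add a `- meta: flush_handlers` step before the final task and a comment above it such as `# hook must exit 0 when no saved ruleset exists, or the interface will not come up`.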