From fbde929fce7405f018fc66bb5796bf0a16292913 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 30 Oct 2013 21:06:51 +0100
Subject: Configure v4 and v6 iptable rulesets.
---
roles/common/tasks/firewall.yml | 34 ++++++++++++++++++++++++++++++++++
roles/common/tasks/main.yml | 1 +
2 files changed, 35 insertions(+)
create mode 100644 roles/common/tasks/firewall.yml
(limited to 'roles/common/tasks')
diff --git a/roles/common/tasks/firewall.yml b/roles/common/tasks/firewall.yml
new file mode 100644
index 0000000..2913a9e
--- /dev/null
+++ b/roles/common/tasks/firewall.yml
@@ -0,0 +1,34 @@
+- name: Install some packages required for the firewall
+ apt: pkg={{ item }}
+ with_items:
+ - iptables
+ - netmask
+ - bsdutils
+
+- name: Create directory /etc/iptables
+ file: path=/etc/iptables
+ owner=root group=root
+ state=directory
+ mode=0755
+
+- name: Generate /etc/iptables/services
+ template: src=etc/iptables/services.j2
+ dest=/etc/iptables/services
+ owner=root group=root
+ mode=0600
+ notify:
+ - Unsafe firewall update
+
+- name: Copy /usr/local/sbin/update-firewall.sh
+ copy: src=usr/local/sbin/update-firewall.sh
+ dest=/usr/local/sbin/update-firewall.sh
+ owner=root group=root
+ mode=0755
+ notify:
+ - Unsafe firewall update
+
+- name: Make the iptable ruleset persistent
+ copy: src=etc/network/if-pre-up.d/iptables
+ dest=/etc/network/if-pre-up.d/iptables
+ owner=root group=root
+ mode=0755
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index d6a4266..460ffdd 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -2,3 +2,4 @@
 - include: sysctl.yml tags=sysctl
 - include: hosts.yml
 - include: apt.yml tags=apt
+- include: firewall.yml tags=firewall,iptables
-- cgit v1.2.3
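Review bot: The module arguments throughout the new firewall.yml are written as key=value strings (`apt: pkg={{ item }}`, `file: path=/etc/iptables owner=root group=root state=directory mode=0755`), the form Ansible's own style guidance discourages in favour of block YAML, and it masks the octal-mode trap: if these tasks are later converted to block arguments, an unquoted `mode: 0600` reaches the module as a YAML integer rather than the string it is today, which is why Ansible's documentation recommends quoting octal modes. Prefer native block arguments with quoted modes, e.g. `mode: "0600"` on the services template and `mode: "0755"` on the two scripts, and start the file with `---`. A short header comment would also help a reader, since two tasks notify a handler whose definition is outside this commit; suggested: `# Firewall tooling. Changes to the services template or update-firewall.sh notify the 'Unsafe firewall update' handler, which is defined outside this file.`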