Make reloading of firewall rules on update optional.
This commit is contained in:
Nils Cant
@@ -24,3 +24,4 @@ iptables_rules_v6:
|
||||
policy: ACCEPT
|
||||
OUTPUT:
|
||||
policy: ACCEPT
|
||||
iptables_reload_on_update: true
|
||||
|
||||
@@ -1,2 +0,0 @@
|
||||
- name: Reload netfilter-persistent
|
||||
command: netfilter-persistent reload
|
||||
@@ -6,10 +6,14 @@
|
||||
template:
|
||||
src: rules-v4.j2
|
||||
dest: /etc/iptables/rules.v4
|
||||
notify: Reload netfilter-persistent
|
||||
register: rules_v4
|
||||
|
||||
- name: rules.v6
|
||||
template:
|
||||
src: rules-v6.j2
|
||||
dest: /etc/iptables/rules.v6
|
||||
notify: Reload netfilter-persistent
|
||||
register: rules_v6
|
||||
|
||||
- name: Reload netfilter-persistent
|
||||
command: /usr/sbin/netfilter-persistent reload
|
||||
when: iptables_reload_on_update and ( rules_v4 is changed or rules_v6 is changed )
|
||||
|
||||
Reference in New Issue
Block a user