Initial commit
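--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+*.swp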
26
defaults/main.yml
Normal file
26
defaults/main.yml
Normal file
@@ -0,0 +1,26 @@
|
|||||||
|
iptables_rules_v4:
|
||||||
|
filter:
|
||||||
|
INPUT:
|
||||||
|
policy: DROP
|
||||||
|
rules:
|
||||||
|
- "-i lo -j ACCEPT"
|
||||||
|
- "-m state --state RELATED,ESTABLISHED -j ACCEPT"
|
||||||
|
- "-p icmp -m icmp --icmp-type any -j ACCEPT"
|
||||||
|
- "-p tcp -m tcp --dport 22 -j ACCEPT"
|
||||||
|
FORWARD:
|
||||||
|
policy: ACCEPT
|
||||||
|
OUTPUT:
|
||||||
|
policy: ACCEPT
|
||||||
|
iptables_rules_v6:
|
||||||
|
filter:
|
||||||
|
INPUT:
|
||||||
|
policy: DROP
|
||||||
|
rules:
|
||||||
|
- "-i lo -j ACCEPT"
|
||||||
|
- "-m state --state RELATED,ESTABLISHED -j ACCEPT"
|
||||||
|
- "-p ipv6-icmp -j ACCEPT"
|
||||||
|
- "-p tcp -m tcp --dport 22 -j ACCEPT"
|
||||||
|
FORWARD:
|
||||||
|
policy: ACCEPT
|
||||||
|
OUTPUT:
|
||||||
|
policy: ACCEPT
|
||||||
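Review bot: `FORWARD` is left at `policy: ACCEPT` under both `iptables_rules_v4` and `iptables_rules_v6` while `INPUT` is locked down to `DROP`; on a host that later turns on IP forwarding (a container runtime or VPN role commonly does) the box will pass traffic between its interfaces unchecked. Unless this role is meant for routers, the safer default is `policy: DROP` for `FORWARD` on both families, with consumers of the role adding explicit forward rules where they need them. Two smaller points: `-m state --state RELATED,ESTABLISHED` is the legacy spelling of `-m conntrack --ctstate RELATED,ESTABLISHED` (the state match is still accepted, but conntrack is what current iptables documents), and an explicit `-m conntrack --ctstate INVALID -j DROP` ahead of the ACCEPT rules is a common hardening line the defaults presently lack. Indentation is lost in this rendering, so the nesting described here is inferred from the key names.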
2
handlers/main.yml
Normal file
2
handlers/main.yml
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
- name: Reload netfilter-persistent
|
||||||
|
command: netfilter-persistent reload
|
||||||
15
tasks/main.yml
Normal file
15
tasks/main.yml
Normal file
@@ -0,0 +1,15 @@
|
|||||||
|
- name: install iptables-persistent
|
||||||
|
apt:
|
||||||
|
name: iptables-persistent
|
||||||
|
|
||||||
|
- name: rules.v4
|
||||||
|
template:
|
||||||
|
src: rules-v4.j2
|
||||||
|
dest: /etc/iptables/rules.v4
|
||||||
|
notify: Reload netfilter-persistent
|
||||||
|
|
||||||
|
- name: rules.v6
|
||||||
|
template:
|
||||||
|
src: rules-v6.j2
|
||||||
|
dest: /etc/iptables/rules.v6
|
||||||
|
notify: Reload netfilter-persistent
|
||||||
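Review bot: The two `template` tasks write `/etc/iptables/rules.v4` and `rules.v6` without a `validate`, so a malformed entry in `iptables_rules_v4`/`iptables_rules_v6` (the templates splice each rule string in verbatim) is only caught when the `Reload netfilter-persistent` handler runs at the end of the play, by which time the broken file is already on disk for the next boot. Adding `validate: "iptables-restore --test %s"` to the `rules.v4` task and `validate: "ip6tables-restore --test %s"` to the `rules.v6` task makes Ansible reject the render before it replaces the file (assuming the installed iptables-restore supports `--test`). The tasks also set no `owner`/`group`/`mode`; the rules are not secret, but pinning `mode: "0640"` avoids depending on whatever default permissions the target applies. The task names `rules.v4`/`rules.v6` say nothing about intent; `Install IPv4 firewall rules` / `Install IPv6 firewall rules` would read better in play output.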
13
templates/rules-v4.j2
Normal file
13
templates/rules-v4.j2
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
# {{ ansible_managed }}
|
||||||
|
{% for table in iptables_rules_v4 %}
|
||||||
|
*{{ table }}
|
||||||
|
{% for chain in iptables_rules_v4[table] %}
|
||||||
|
:{{ chain }} {{ iptables_rules_v4[table][chain]['policy'] | default('ACCEPT') }} [0:0]
|
||||||
|
{% if iptables_rules_v4[table][chain]['rules'] is defined %}
|
||||||
|
{% for rule in iptables_rules_v4[table][chain]['rules'] %}
|
||||||
|
-A {{ chain }} {{ rule }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
|
COMMIT
|
||||||
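Review bot: `COMMIT` is emitted once after the outer `{% for table in iptables_rules_v4 %}` loop closes, so a variable that defines more than one table renders as `*filter … *nat … COMMIT` rather than the one `*table … COMMIT` block per table that iptables-save produces and iptables-restore expects; it only works today because the defaults define the `filter` table alone. Moving the `COMMIT` line inside the outer loop, directly after the chain loop's `{% endfor %}` and before the table loop's `{% endfor %}`, fixes this without changing the current single-table output. Separately, `{{ rule }}` is interpolated unquoted into `-A {{ chain }} {{ rule }}`, so whoever sets `iptables_rules_v4` controls the full rule text; that is acceptable for inventory-controlled vars but deserves a note at the top of the template, e.g. `{# rule strings are passed through verbatim; only set them from trusted vars #}`.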
13
templates/rules-v6.j2
Normal file
13
templates/rules-v6.j2
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
# {{ ansible_managed }}
|
||||||
|
{% for table in iptables_rules_v6 %}
|
||||||
|
*{{ table }}
|
||||||
|
{% for chain in iptables_rules_v6[table] %}
|
||||||
|
:{{ chain }} {{ iptables_rules_v6[table][chain]['policy'] }} [0:0]
|
||||||
|
{% if iptables_rules_v6[table][chain]['rules'] is defined %}
|
||||||
|
{% for rule in iptables_rules_v6[table][chain]['rules'] %}
|
||||||
|
-A {{ chain }} {{ rule }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
|
COMMIT
|
||||||
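Review bot: `:{{ chain }} {{ iptables_rules_v6[table][chain]['policy'] }} [0:0]` has no `| default('ACCEPT')`, unlike the IPv4 template, so a chain entry without a `policy` key renders an empty policy field (or fails the render under strict undefined checking) and ip6tables-restore rejects the file; bringing the line in step with rules-v4.j2, `{{ iptables_rules_v6[table][chain]['policy'] | default('ACCEPT') }}`, restores parity. The `COMMIT` placed outside the table loop has the same multi-table problem here as in rules-v4.j2 and should move inside the outer `{% for %}` in both templates. A short header comment such as `{# Rendered to /etc/iptables/rules.v6: one *table … COMMIT block per key of iptables_rules_v6 #}` would help readers of the template.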