ansible-collection-kit/roles/iptables/tasks/main.yml

- name: install iptables
  apt:
    name: iptables
    state: present
    update_cache: yes
  become: True

- name: use legacy version of iptables
  alternatives:
    name: "{{ item }}"
    path: "/usr/sbin/{{ item }}-legacy"
  with_items:
    - iptables
    - ip6tables
  become: True

- name: flush all the iptables rules
  iptables:
    flush: true
  become: True

- name: firewall rule - allow incoming loopback traffic
  iptables:
    chain: INPUT
    in_interface: lo
    jump: ACCEPT
  become: True

- name: firewall rule - allow outgoing loopback traffic
  iptables:
    chain: OUTPUT
    out_interface: lo
    jump: ACCEPT
  become: True

- name: firewall rule - allow established connections
  iptables:
    chain: INPUT
    ctstate: ESTABLISHED,RELATED
    jump: ACCEPT
  become: True

- name: firewall rule - allow incoming SSH
  iptables:
    chain: INPUT
    protocol: tcp
    destination_port: 22
    ctstate: NEW,ESTABLISHED
    jump: ACCEPT
  become: True

- name: firewall rule - allow outgoing SSH
  iptables:
    chain: OUTPUT
    protocol: tcp
    source_port: 22
    ctstate: ESTABLISHED
    jump: ACCEPT
  become: True

- name: set the policy for main chains to DROP
  iptables:
    chain: "{{ item }}"
    policy: DROP
  with_items:
    - INPUT
    - FORWARD
    - OUTPUT
  become: True
Initial import for iptables 2020-01-29 02:45:17 +01:00			`- name: install iptables`
			`apt:`
			`name: iptables`
			`state: present`
			`update_cache: yes`
			`become: True`

			`- name: use legacy version of iptables`
			`alternatives:`
			`name: "{{ item }}"`
			`path: "/usr/sbin/{{ item }}-legacy"`
			`with_items:`
			`- iptables`
			`- ip6tables`
			`become: True`

			`- name: flush all the iptables rules`
			`iptables:`
			`flush: true`
			`become: True`

			`- name: firewall rule - allow incoming loopback traffic`
			`iptables:`
			`chain: INPUT`
			`in_interface: lo`
			`jump: ACCEPT`
			`become: True`

			`- name: firewall rule - allow outgoing loopback traffic`
			`iptables:`
			`chain: OUTPUT`
			`out_interface: lo`
			`jump: ACCEPT`
			`become: True`

			`- name: firewall rule - allow established connections`
			`iptables:`
			`chain: INPUT`
			`ctstate: ESTABLISHED,RELATED`
			`jump: ACCEPT`
			`become: True`

			`- name: firewall rule - allow incoming SSH`
			`iptables:`
			`chain: INPUT`
			`protocol: tcp`
			`destination_port: 22`
			`ctstate: NEW,ESTABLISHED`
			`jump: ACCEPT`
			`become: True`

			`- name: firewall rule - allow outgoing SSH`
			`iptables:`
			`chain: OUTPUT`
			`protocol: tcp`
			`source_port: 22`
			`ctstate: ESTABLISHED`
			`jump: ACCEPT`
			`become: True`

			`- name: set the policy for main chains to DROP`
			`iptables:`
			`chain: "{{ item }}"`
			`policy: DROP`
			`with_items:`
			`- INPUT`
			`- FORWARD`
			`- OUTPUT`
			`become: True`