Initial import for iptables
parent
0df9d57a53
commit
968a190099
1
.gitignore
vendored
Normal file
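--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vagrant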
69
roles/iptables/tasks/main.yml
Normal file
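--- /dev/null
+++ b/roles/iptables/tasks/main.yml
@@ -0,0 +1,69 @@
+- name: install iptables
+  apt:
+    name: iptables
+    state: present
+    update_cache: yes
+  become: True
+
+- name: use legacy version of iptables
+  alternatives:
+    name: "{{ item }}"
+    path: "/usr/sbin/{{ item }}-legacy"
+  with_items:
+    - iptables
+    - ip6tables
+  become: True
+
+- name: flush all the iptables rules
+  iptables:
+    flush: true
+  become: True
+
+- name: firewall rule - allow incoming loopback traffic
+  iptables:
+    chain: INPUT
+    in_interface: lo
+    jump: ACCEPT
+  become: True
+
+- name: firewall rule - allow outgoing loopback traffic
+  iptables:
+    chain: OUTPUT
+    out_interface: lo
+    jump: ACCEPT
+  become: True
+
+- name: firewall rule - allow established connections
+  iptables:
+    chain: INPUT
+    ctstate: ESTABLISHED,RELATED
+    jump: ACCEPT
+  become: True
+
+- name: firewall rule - allow incoming SSH
+  iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: 22
+    ctstate: NEW,ESTABLISHED
+    jump: ACCEPT
+  become: True
+
+- name: firewall rule - allow outgoing SSH
+  iptables:
+    chain: OUTPUT
+    protocol: tcp
+    source_port: 22
+    ctstate: ESTABLISHED
+    jump: ACCEPT
+  become: True
+
+- name: set the policy for main chains to DROP
+  iptables:
+    chain: "{{ item }}"
+    policy: DROP
+  with_items:
+    - INPUT
+    - FORWARD
+    - OUTPUT
+  become: True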
10
tests/Vagrantfile
vendored
Normal file
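--- /dev/null
+++ b/tests/Vagrantfile
@@ -0,0 +1,10 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.box = "debian/buster64"
+  config.vm.provision "ansible" do |ansible|
+    ansible.compatibility_mode = "2.0"
+    ansible.playbook = "test.yml"
+  end
+end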
5
tests/test.yml
Normal file
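--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- name: tests for ansible on mornie.org
+  hosts: all
+  roles:
+    - {role: ../roles/iptables}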