
Initial import for iptables

This commit is contained in:
Daniele Tricoli 2020-01-29 02:45:17 +01:00
parent 0df9d57a53
commit 968a190099
4 changed files with 85 additions and 0 deletions

1
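--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.vagrant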


@ -0,0 +1,69 @@
- name: install iptables
apt:
name: iptables
state: present
update_cache: yes
become: True
- name: use legacy version of iptables
alternatives:
name: "{{ item }}"
path: "/usr/sbin/{{ item }}-legacy"
with_items:
- iptables
- ip6tables
become: True
- name: flush all the iptables rules
iptables:
flush: true
become: True
- name: firewall rule - allow incoming loopback traffic
iptables:
chain: INPUT
in_interface: lo
jump: ACCEPT
become: True
- name: firewall rule - allow outgoing loopback traffic
iptables:
chain: OUTPUT
out_interface: lo
jump: ACCEPT
become: True
- name: firewall rule - allow established connections
iptables:
chain: INPUT
ctstate: ESTABLISHED,RELATED
jump: ACCEPT
become: True
- name: firewall rule - allow incoming SSH
iptables:
chain: INPUT
protocol: tcp
destination_port: 22
ctstate: NEW,ESTABLISHED
jump: ACCEPT
become: True
- name: firewall rule - allow outgoing SSH
iptables:
chain: OUTPUT
protocol: tcp
source_port: 22
ctstate: ESTABLISHED
jump: ACCEPT
become: True
- name: set the policy for main chains to DROP
iptables:
chain: "{{ item }}"
policy: DROP
with_items:
- INPUT
- FORWARD
- OUTPUT
become: True
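Review bot: The accept rules and the DROP policies at the end of the hunk apply to IPv4 only — the `iptables` module defaults to `ip_version: ipv4` and no task in this file selects `ipv6` — so after the role runs, ip6tables still has its ACCEPT policies and IPv6 traffic bypasses the firewall entirely, even though the `alternatives` task deliberately switches `ip6tables` to the legacy binary. Mirror at least the loopback, `ESTABLISHED,RELATED` and SSH rules with `ip_version: ipv6`, then loop the policy task over both families, e.g. `with_nested: [['INPUT', 'FORWARD', 'OUTPUT'], ['ipv4', 'ipv6']]` with `chain: "{{ item[0] }}"` and `ip_version: "{{ item[1] }}"`. With OUTPUT set to DROP and only loopback and SSH replies accepted, the host cannot open outbound connections itself (DNS, apt mirrors), so the `apt` task with `update_cache: yes` at the top of the hunk will presumably fail on the next run unless that lockdown is intended; an OUTPUT rule with `ctstate: ESTABLISHED,RELATED` plus explicit allows for the services the host needs would keep it manageable. The rules are also never saved, so they are gone after a reboot; a handler that persists them (e.g. via netfilter-persistent) would close that gap. Separately, `update_cache: yes` and `become: True` should be the canonical `true` (yamllint `truthy`).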

10
tests/Vagrantfile vendored Normal file

@ -0,0 +1,10 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "debian/buster64"
config.vm.provision "ansible" do |ansible|
ansible.compatibility_mode = "2.0"
ansible.playbook = "test.yml"
end
end

5
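--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- name: tests for ansible on mornie.org
+hosts: all
+roles:
+- {role: ../roles/iptables}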
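Review bot: The single role entry on the last line of the hunk is written as a flow mapping, `- {role: ../roles/iptables}`, where the usual Ansible form is block style, `- role: ../roles/iptables`; it parses the same but matches the rest of the playbook and diffs more cleanly. The relative `../roles/iptables` path only resolves when the playbook is run from `tests/`, which the Vagrantfile in this commit appears to do via `ansible.playbook = "test.yml"`; a one-line comment above `roles:` stating that assumption would help anyone running the test outside Vagrant.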