Ansible roles that I wrote for my own use.
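---
# Firewall bootstrap tasks: install iptables, pin the legacy (non-nft)
# backend, rebuild the filter table from scratch and finish with a
# default-DROP policy on INPUT, FORWARD and OUTPUT.
#
# Ordering matters. The chain policies are set back to ACCEPT *before*
# the flush: a flush removes every rule (including the ESTABLISHED
# rule that keeps the current SSH session alive) but leaves the chain
# policy in place, so a re-run on a host that is already at DROP would
# otherwise cut the connection Ansible is running over.
#
# NOTE(review): every iptables task below uses the module's default
# ip_version (ipv4), so ip6tables is never touched; a host with a
# routable IPv6 address needs an ipv6 counterpart of each rule.

- name: install iptables
  apt:
    name: iptables
    state: present
    # NOTE(review): once OUTPUT is at DROP only loopback and SSH replies
    # may leave the host, so a re-run cannot reach the apt mirrors here —
    # confirm that is intended for this host.
    update_cache: true
  become: true

# Both binaries are switched so that ip6tables stays consistent with
# iptables, even though no ipv6 rules are managed below.
- name: use legacy version of iptables
  alternatives:
    name: "{{ item }}"
    path: "/usr/sbin/{{ item }}-legacy"
  with_items:
    - iptables
    - ip6tables
  become: true

# Fail-open only for the short window until the rules are rebuilt;
# without this a second run with INPUT already at DROP locks us out.
- name: set the policy for main chains to ACCEPT before flushing
  iptables:
    chain: "{{ item }}"
    policy: ACCEPT
  with_items:
    - INPUT
    - FORWARD
    - OUTPUT
  become: true

# Not idempotent: this task reports "changed" on every run.
- name: flush all the iptables rules
  iptables:
    flush: true
  become: true

- name: firewall rule - allow incoming loopback traffic
  iptables:
    chain: INPUT
    in_interface: lo
    jump: ACCEPT
  become: true

- name: firewall rule - allow outgoing loopback traffic
  iptables:
    chain: OUTPUT
    out_interface: lo
    jump: ACCEPT
  become: true

# Replies and related traffic for connections the host already accepted.
- name: firewall rule - allow established connections
  iptables:
    chain: INPUT
    ctstate: ESTABLISHED,RELATED
    jump: ACCEPT
  become: true

# Port numbers are quoted so YAML keeps them as strings.
- name: firewall rule - allow incoming SSH
  iptables:
    chain: INPUT
    protocol: tcp
    destination_port: "22"
    ctstate: NEW,ESTABLISHED
    jump: ACCEPT
  become: true

# Only replies from the local sshd; no new outbound SSH is permitted.
- name: firewall rule - allow outgoing SSH
  iptables:
    chain: OUTPUT
    protocol: tcp
    source_port: "22"
    ctstate: ESTABLISHED
    jump: ACCEPT
  become: true

# Last step: everything not explicitly allowed above is now dropped.
- name: set the policy for main chains to DROP
  iptables:
    chain: "{{ item }}"
    policy: DROP
  with_items:
    - INPUT
    - FORWARD
    - OUTPUT
  become: true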