Includes: - `bootstrap-debian13.yml` for system setup and user configuration - `firewall-iptables.yml` for IPv4 firewall management (IPv4 only: it renders and applies `/etc/iptables/rules.v4`; ip6tables/`rules.v6` is not managed) - `run-playbook.sh` and `check.sh` scripts for playbook execution and validation - `inventory.ini` for host definitions - Template for iptables rules at `templates/iptables/rules.v4.j2` - `README.md` with usage instructions
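---
# Render, validate, apply and persist the IPv4 (iptables) firewall ruleset.
#
# Lock-out guard: the rendered file is run through `iptables-restore --test`
# before it replaces /etc/iptables/rules.v4, so a syntactically broken ruleset
# is never written or loaded. That check cannot tell whether the rules still
# admit the Ansible SSH session — keep 22 (or your SSH port) in
# firewall_tcp_ports and make sure templates/iptables/rules.v4.j2 accepts
# ESTABLISHED,RELATED traffic before dropping the rest.
#
# IPv6 is not touched by this play; ip6tables keeps whatever policy it had.
- name: Configure IPv4 firewall via iptables
  hosts: finlog_dev
  become: true
  gather_facts: false

  vars:
    # TCP ports the template opens in INPUT. Removing 22 locks Ansible (and
    # you) out of the host as soon as the rules are applied.
    firewall_tcp_ports: [22, 80, 443]  # extend as needed
    # UDP ports the template opens in INPUT; empty list means none.
    firewall_udp_ports: []  # e.g. [53]

  tasks:
    - name: Render IPv4 firewall rules from template
      ansible.builtin.template:
        src: iptables/rules.v4.j2
        dest: /etc/iptables/rules.v4
        owner: root
        group: root
        # Rules disclose which ports/hosts are exposed; unprivileged local
        # users have no need to read them.
        mode: '0640'
        # Parse the candidate file without committing it to the kernel; a
        # non-zero exit aborts the copy and leaves the previous file intact.
        validate: 'iptables-restore --test %s'
      # The template module supports check mode (and --diff), so it is not
      # skipped there; the result drives the change reporting below.
      register: rules_file

    - name: Restore rules now
      # File passed as argument: no shell, no redirection needed.
      ansible.builtin.command: iptables-restore /etc/iptables/rules.v4
      # Always re-applied to enforce the desired state, but only reported as
      # a change when the rendered file itself changed.
      changed_when: rules_file.changed
      when: not ansible_check_mode

    - name: Save rules for persistence
      # NOTE(review): this re-dumps the live ruleset into rules.v4 in
      # iptables-save format, so the template task may report a diff on the
      # next run even though the effective rules are unchanged.
      ansible.builtin.command: netfilter-persistent save
      changed_when: false
      when: not ansible_check_mode

    - name: Show filter table (iptables -S)
      ansible.builtin.command: iptables -S
      changed_when: false
      # Read-only, so it is safe (and useful) to run in check mode as well.
      check_mode: false
      register: filter_table

    - name: Print filter table
      # The previous task only captures the output; this makes it visible.
      ansible.builtin.debug:
        msg: "{{ filter_table.stdout_lines }}"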