alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/common: Start nftables service later

Browse Source 
We should only try to start the nftables service after we finish
copying all the config files just in case there is some unclean
state in one of them. On a first run this shouldn't matter, but
after nftables and some abuse list update scripts have run this
can happen (mostly in testing!).
This commit is contained in:
Alan Orth
2021-07-29 10:05:15 +03:00
parent 46fc2ce3d4
commit 197bdf7666
2 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
roles/common/tasks/firewall_Ubuntu.yml
View File

@ -29,10 +29,6 @@
when: ansible_distribution_version is version('16.04', '>=')
apt: pkg=ufw state=absent
- name: Start and enable nftables
when: ansible_distribution_version is version('20.04', '>=')
systemd: name=nftables state=started enabled=yes
- name: Copy nftables.conf
when: ansible_distribution_version is version('20.04', '>=')
template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644
@ -116,6 +112,10 @@
when: ansible_distribution_version is version('20.04', '>=')
systemd: name=update-spamhaus-nftables.timer state=started enabled=yes
- name: Start and enable nftables
when: ansible_distribution_version is version('20.04', '>=')
systemd: name=nftables state=started enabled=yes
- include_tasks: fail2ban.yml
when: ansible_distribution_version is version('16.04', '>=')
tags: firewall