roles/common: Use iptables backend for firewalld on Debian
For some reason the nftables set support in firewalld doesn't seem to be working. I see that sets (aka ipsets in nftables lingo) are created, but they are empty. For now I will just leave these tasks as they are to revert the behavior on current hosts (should make no change on newly installed hosts, as the regexp won't match).
parent
919fbbbcd9
commit
2631f76c6d
@ -13,12 +13,12 @@
|
|||||||
when: ansible_distribution_major_version is version_compare('9', '>=')
|
when: ansible_distribution_major_version is version_compare('9', '>=')
|
||||||
apt: pkg={{ debian_firewall_packages }} state=present
|
apt: pkg={{ debian_firewall_packages }} state=present
|
||||||
|
|
||||||
- name: Use nftables backend in firewalld
|
- name: Use iptables backend in firewalld
|
||||||
when: ansible_distribution_major_version is version_compare('10', '>=')
|
when: ansible_distribution_major_version is version_compare('10', '>=')
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/firewalld/firewalld.conf
|
dest: /etc/firewalld/firewalld.conf
|
||||||
regexp: '^FirewallBackend=iptables$'
|
regexp: '^FirewallBackend=nftables$'
|
||||||
line: 'FirewallBackend=nftables'
|
line: 'FirewallBackend=iptables'
|
||||||
notify:
|
notify:
|
||||||
- restart firewalld
|
- restart firewalld
|
||||||
|
|
||||||
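Review bot: The new `regexp: '^FirewallBackend=nftables$'` only matches the exact value the previous revision wrote, and without `backrefs: yes` lineinfile does not skip the task when the regexp matches nothing: it adds `line` to the file. On a host where the key is commented out, missing, or spelled differently, that can append `FirewallBackend=iptables` at the end of firewalld.conf instead of replacing the existing setting. Matching on the key alone, `regexp: '^FirewallBackend='`, makes the task converge to one line regardless of the previous value. It would also help to put a comment on the task saying the iptables backend is a workaround for the empty sets described in the commit message, so the revert condition is visible in the role and not only in the history.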
@ -29,8 +29,8 @@
|
|||||||
when: ansible_distribution_major_version is version_compare('10', '>=')
|
when: ansible_distribution_major_version is version_compare('10', '>=')
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/firewalld/firewalld.conf
|
dest: /etc/firewalld/firewalld.conf
|
||||||
regexp: '^IndividualCalls=no$'
|
regexp: '^IndividualCalls=yes$'
|
||||||
line: 'IndividualCalls=yes'
|
line: 'IndividualCalls=no'
|
||||||
notify:
|
notify:
|
||||||
- restart firewalld
|
- restart firewalld
|
||||||
|
|
||||||
|
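Review bot: The `IndividualCalls` flip from `yes` to `no` in this hunk is not mentioned in the commit message, which only talks about the backend, so the reason for changing it is undocumented; a sentence in the message or a comment on the task would cover that. The same anchoring concern applies to `regexp: '^IndividualCalls=yes$'`: it matches only the value the previous revision set, and lineinfile will add `line` when nothing matches. Using `regexp: '^IndividualCalls='` keeps the result to a single, predictable line.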