diff --git a/roles/common/tasks/iptables_Debian.yml b/roles/common/tasks/iptables_Debian.yml
index f48cf13..a595676 100644
--- a/roles/common/tasks/iptables_Debian.yml
+++ b/roles/common/tasks/iptables_Debian.yml
@@ -1,33 +1,17 @@
 ---
-- name: Install iptables-persistent
- when: ansible_distribution_version == '14.04'
- apt: pkg=iptables-persistent update_cache=yes
-
-- name: Copy /etc/iptables/rules.v4
- when: ansible_distribution_version == '14.04'
- template: src=iptables.j2 dest=/etc/iptables/rules.v4 owner=root mode=0600
- notify:
- - restart iptables-persistent
-
-- name: Copy /etc/iptables/rules.v6
- when: ansible_distribution_version == '14.04'
- template: src=ip6tables.j2 dest=/etc/iptables/rules.v6 owner=root group=root mode=0600
- notify:
- - restart iptables-persistent
-
 - name: Install firewalld and deps
- when: ansible_distribution_version == '15.04'
+ when: ansible_distribution_major_version == '8'
 apt: pkg={{ item }} state=latest
 with_items:
 - firewalld
 - tidy

 - name: Copy firewalld public zone file
- when: ansible_distribution_version == '15.04'
+ when: ansible_distribution_major_version == '8'
 template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600

 - name: Format public.xml firewalld zone file
- when: ansible_distribution_version == '15.04'
+ when: ansible_distribution_major_version == '8'
 shell: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
 notify:
 - restart firewalld
diff --git a/roles/common/tasks/iptables_Ubuntu.yml b/roles/common/tasks/iptables_Ubuntu.yml
new file mode 100644
index 0000000..f48cf13
--- /dev/null
+++ b/roles/common/tasks/iptables_Ubuntu.yml
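Review bot: A Debian host whose release is not 8 now matches none of the three `when: ansible_distribution_major_version == '8'` conditions in iptables_Debian.yml, so every task in the file is skipped and, as far as this role shows, the play completes without configuring any firewall. I would close the file with a task that stops the run in that case, for example `fail: msg="No firewall tasks for this Debian release"` under `when: ansible_distribution_major_version != '8'`. The same fail-open gap exists in the new iptables_Ubuntu.yml, where only '14.04' and '15.04' match, and in the main.yml hunk, where Debian-family derivatives that used to satisfy `ansible_os_family == 'Debian'` no longer reach either include. Failing loudly on an unsupported release is safer than silently leaving a host unfiltered.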
@@ -0,0 +1,33 @@
+---
+- name: Install iptables-persistent
+ when: ansible_distribution_version == '14.04'
+ apt: pkg=iptables-persistent update_cache=yes
+
+- name: Copy /etc/iptables/rules.v4
+ when: ansible_distribution_version == '14.04'
+ template: src=iptables.j2 dest=/etc/iptables/rules.v4 owner=root mode=0600
+ notify:
+ - restart iptables-persistent
+
+- name: Copy /etc/iptables/rules.v6
+ when: ansible_distribution_version == '14.04'
+ template: src=ip6tables.j2 dest=/etc/iptables/rules.v6 owner=root group=root mode=0600
+ notify:
+ - restart iptables-persistent
+
+- name: Install firewalld and deps
+ when: ansible_distribution_version == '15.04'
+ apt: pkg={{ item }} state=latest
+ with_items:
+ - firewalld
+ - tidy
+
+- name: Copy firewalld public zone file
+ when: ansible_distribution_version == '15.04'
+ template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
+
+- name: Format public.xml firewalld zone file
+ when: ansible_distribution_version == '15.04'
+ shell: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
+ notify:
+ - restart firewalld
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index e44fa80..b7325db 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -16,8 +16,12 @@
 when: ansible_distribution == 'Debian'
 tags: packages

+- include: iptables_Ubuntu.yml
+ when: ansible_distribution == 'Ubuntu'
+ tags: firewall
+
 - include: iptables_Debian.yml
- when: ansible_os_family == 'Debian'
+ when: ansible_distribution == 'Debian'
 tags: firewall

 - include: sshd.yml
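Review bot: In iptables_Ubuntu.yml the `shell: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml` task has no `changed_when` or `creates`, so it reports changed on every run and its `notify` restarts firewalld each time the play converges. Because `-m` rewrites the zone file in place, the preceding template task will presumably see a difference on the next run and overwrite it again, so the pair never settles. Restarting the firewall on every run is avoidable churn on a security control and buries genuine rule changes in the play output. I would move `notify: - restart firewalld` onto the template task and keep public.xml.j2 well-formed so the tidy step can be dropped, or at least mark it `changed_when: false`. The same three tasks are carried as context in iptables_Debian.yml.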