Alan Orth
b87f2e2fb0
You should only use the "shell" module when you need shell functions like flow control and redirects. Also, the "command" module is safer because it is not affected by the user's environment.
36 lines
1.2 KiB
YAML
36 lines
1.2 KiB
YAML
---
|
|
- name: Install iptables-persistent
|
|
when: ansible_distribution_version | version_compare('14.04', '==')
|
|
apt: pkg=iptables-persistent update_cache=yes
|
|
tags: packages
|
|
|
|
- name: Copy /etc/iptables/rules.v4
|
|
when: ansible_distribution_version | version_compare('14.04', '==')
|
|
template: src=iptables.j2 dest=/etc/iptables/rules.v4 owner=root mode=0600
|
|
notify:
|
|
- restart iptables-persistent
|
|
|
|
- name: Copy /etc/iptables/rules.v6
|
|
when: ansible_distribution_version | version_compare('14.04', '==')
|
|
template: src=ip6tables.j2 dest=/etc/iptables/rules.v6 owner=root group=root mode=0600
|
|
notify:
|
|
- restart iptables-persistent
|
|
|
|
- name: Install firewalld and deps
|
|
when: ansible_distribution_version | version_compare('15.04', '>=')
|
|
apt: pkg={{ item }} state=latest
|
|
with_items:
|
|
- firewalld
|
|
- tidy
|
|
tags: packages
|
|
|
|
- name: Copy firewalld public zone file
|
|
when: ansible_distribution_version | version_compare('15.04', '>=')
|
|
template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
|
|
|
|
- name: Format public.xml firewalld zone file
|
|
when: ansible_distribution_version | version_compare('15.04', '>=')
|
|
command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
|
|
notify:
|
|
- reload firewalld
|