Skip to content
This repository has been archived by the owner on Sep 25, 2018. It is now read-only.

kbrebanov/ansible-iptables

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
tests
tests
 
 
vars
vars
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

No Maintenance Intended

iptables

Build Status

Installs and configures iptables.

Requirements

This role requires Ansible 1.9 or higher.

Role Variables

Name Default Description
iptables_filter_input_policy drop IPv4 default filter input policy
iptables_filter_forward_policy drop IPv4 default filter forward policy
iptables_filter_output_policy accept IPv4 default filter output policy
iptables_filter_rules [{protocol: tcp, source_address: 0.0.0.0/0, destination_port: 22, comment: OpenSSH, target: accept }] Array of filter rules represented as hashes
iptables_nat_prerouting_policy accept IPv4 default nat prerouting policy
iptables_nat_input_policy accept IPv4 default nat input policy
iptables_nat_output_policy accept IPv4 default nat output policy
iptables_nat_postrouting_policy accept IPv4 default nat postrouting policy
iptables_nat_rules [] Array of nat rules represented as hashes
iptables6_filter_input_policy drop IPv6 default filter input policy
iptables6_filter_forward_policy drop IPv6 default filter forward policy
iptables6_filter_output_policy accept IPv6 default filter output policy
iptables6_nat_prerouting_policy accept IPv6 default nat prerouting policy
iptables6_nat_input_policy accept IPv6 default nat input policy
iptables6_nat_output_policy accept IPv6 default nat output policy
iptables6_nat_postrouting_policy accept IPv6 default nat postrouting policy

Dependencies

None

Example Playbook

Install and configure iptables to allow ICMP and OpenSSH

- hosts: all
  roles:
    - kbrebanov.iptables

Install and configure iptables to disallow ICMP, allow OpenSSH and HTTP

- hosts: all
  vars:
    iptables_filter_rules:
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 22
        comment: OpenSSH
        target: accept
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 80
        comment: HTTP
        target: accept
  roles:
    - kbrebanov.iptables

Install and configure iptables with a port forward rule for HTTP

- hosts: all
  vars:
    iptables_filter_rules:
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 80
        comment: HTTP
        target: accept
    iptables_nat_rules:
      - chain: prerouting
        protocol: tcp
        destination_port: 80
        target: dnat
        to_destination: 192.168.1.54
        to_port: 8080
  roles:
    - kbrebanov.iptables

License

BSD

Author Information

Kevin Brebanov

About

Ansible iptables role

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

8 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

5 tags

Packages

No packages published