This repository has been archived by the owner on Sep 25, 2018. It is now read-only.


No Maintenance Intended

iptables


Installs and configures iptables.

Requirements

This role requires Ansible 1.9 or higher.

Role Variables

| Name | Default | Description |
|------|---------|-------------|
| `iptables_filter_input_policy` | `drop` | IPv4 default filter input policy |
| `iptables_filter_forward_policy` | `drop` | IPv4 default filter forward policy |
| `iptables_filter_output_policy` | `accept` | IPv4 default filter output policy |
| `iptables_filter_rules` | `[{protocol: tcp, source_address: 0.0.0.0/0, destination_port: 22, comment: OpenSSH, target: accept }]` | Array of filter rules represented as hashes |
| `iptables_nat_prerouting_policy` | `accept` | IPv4 default nat prerouting policy |
| `iptables_nat_input_policy` | `accept` | IPv4 default nat input policy |
| `iptables_nat_output_policy` | `accept` | IPv4 default nat output policy |
| `iptables_nat_postrouting_policy` | `accept` | IPv4 default nat postrouting policy |
| `iptables_nat_rules` | `[]` | Array of nat rules represented as hashes |
| `iptables6_filter_input_policy` | `drop` | IPv6 default filter input policy |
| `iptables6_filter_forward_policy` | `drop` | IPv6 default filter forward policy |
| `iptables6_filter_output_policy` | `accept` | IPv6 default filter output policy |
| `iptables6_nat_prerouting_policy` | `accept` | IPv6 default nat prerouting policy |
| `iptables6_nat_input_policy` | `accept` | IPv6 default nat input policy |
| `iptables6_nat_output_policy` | `accept` | IPv6 default nat output policy |
| `iptables6_nat_postrouting_policy` | `accept` | IPv6 default nat postrouting policy |

Dependencies

None

Example Playbook

Install and configure iptables to allow ICMP and OpenSSH

- hosts: all
  roles:
    - kbrebanov.iptables

Install and configure iptables to disallow ICMP, allow OpenSSH and HTTP

- hosts: all
  vars:
    iptables_filter_rules:
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 22
        comment: OpenSSH
        target: accept
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 80
        comment: HTTP
        target: accept
  roles:
    - kbrebanov.iptables

Install and configure iptables with a port forward rule for HTTP

- hosts: all
  vars:
    iptables_filter_rules:
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 80
        comment: HTTP
        target: accept
    iptables_nat_rules:
      - chain: prerouting
        protocol: tcp
        destination_port: 80
        target: dnat
        to_destination: 192.168.1.54
        to_port: 8080
  roles:
    - kbrebanov.iptables
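
The following is an added example, not part of this role or its README: a small Python model that traces an inbound packet through the variables of the port-forward playbook above, to check which filter chain and port the packet reaches after DNAT. It assumes standard netfilter ordering and models only the variables listed on this page, not any other rules the role's templates may emit; the `trace` and `matches` functions, the `local_addresses` parameter and the packet addresses are hypothetical.

```python
import ipaddress

# Variables copied from the README's port-forward playbook; the two policies are
# the documented defaults. Only these variables are modelled (assumption).
ROLE_VARS = {
    "iptables_filter_input_policy": "drop",
    "iptables_filter_forward_policy": "drop",
    "iptables_filter_rules": [
        {"chain": "input", "protocol": "tcp", "source_address": "0.0.0.0/0",
         "destination_port": 80, "comment": "HTTP", "target": "accept"}],
    "iptables_nat_rules": [
        {"chain": "prerouting", "protocol": "tcp", "destination_port": 80,
         "target": "dnat", "to_destination": "192.168.1.54", "to_port": 8080}],
}

def matches(rule, chain, pkt):
    """True if a rule (keys as used in the README) matches pkt in this chain."""
    if rule.get("chain") != chain or rule.get("protocol") != pkt["protocol"]:
        return False
    if rule.get("destination_port", pkt["dport"]) != pkt["dport"]:
        return False
    src = rule.get("source_address", "0.0.0.0/0")
    return ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src)

def trace(role_vars, pkt, local_addresses):
    """Return (filter chain, destination, port, verdict) for an inbound packet.

    Standard netfilter order: nat PREROUTING, routing decision, then filter
    INPUT (destination is local) or FORWARD (destination is another host).
    """
    pkt = dict(pkt)
    for rule in role_vars.get("iptables_nat_rules", []):
        if rule.get("target") == "dnat" and matches(rule, "prerouting", pkt):
            pkt["dst"] = rule["to_destination"]
            pkt["dport"] = rule.get("to_port", pkt["dport"])
            break
    chain = "input" if pkt["dst"] in local_addresses else "forward"
    for rule in role_vars.get("iptables_filter_rules", []):
        if matches(rule, chain, pkt):
            return chain, pkt["dst"], pkt["dport"], rule["target"]
    return chain, pkt["dst"], pkt["dport"], role_vars[f"iptables_filter_{chain}_policy"]

if __name__ == "__main__":
    # Constructed packet: documentation-range client, hypothetical firewall address.
    client = {"protocol": "tcp", "src": "203.0.113.7", "dst": "192.168.1.1", "dport": 80}
    print(trace(ROLE_VARS, client, {"192.168.1.1"}))                   # forwarded host
    print(trace(ROLE_VARS, client, {"192.168.1.1", "192.168.1.54"}))  # local redirect
```

Under this model both traces end in the default drop policy: after DNAT the filter table sees port 8080 (in FORWARD or INPUT), while the only accept rule is for INPUT on port 80. When deploying a port forward, verify that a filter rule covers the translated destination and port.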

License

BSD

Author Information

Kevin Brebanov