Ansible: Configuring iptables firewall rules

From Glitchdata

Ansible has an immature iptables module, so it's best to use shell commands to make these changes.

Sample Open Port 80

# Open TCP port 80
- iptables_raw:
    name: allow_tcp_80
    rules: '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Open TCP port 22, but insert it before port 80 (default weight is 40)
- iptables_raw:
    name: allow_tcp_22
    rules: '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
    weight: 35
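
The weight ordering shown above matters most once the chain ends in a catch-all drop, because every ACCEPT rule has to sort ahead of it. The playbook below is an added example, not part of the original page; it assumes the third-party iptables_raw module is available on the Ansible module path, and the host group `webservers` and every rule name other than allow_tcp_80 and allow_tcp_22 are hypothetical.

```yaml
# Added example: weights decide rule order, lower weight is placed earlier.
- hosts: webservers          # hypothetical inventory group
  become: true
  tasks:
    # Weight 10: accept loopback traffic before anything else
    - iptables_raw:
        name: allow_loopback
        rules: '-A INPUT -i lo -j ACCEPT'
        weight: 10

    # Weight 10: keep replies to existing connections flowing
    - iptables_raw:
        name: allow_established
        rules: '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
        weight: 10

    # Weight 35: SSH is placed ahead of the default-weight rules
    - iptables_raw:
        name: allow_tcp_22
        rules: '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
        weight: 35

    # No weight given, so the default of 40 applies
    - iptables_raw:
        name: allow_tcp_80
        rules: '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

    # Weight 90: the catch-all drop sorts after every ACCEPT above.
    # A lower weight here would cut off the SSH session Ansible itself uses.
    - iptables_raw:
        name: drop_everything_else
        rules: '-A INPUT -j DROP'
        weight: 90
```

After a run, `iptables -S INPUT` on the target lists the rules in weight order, which is a quick check that the drop rule is last.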

Delete a Rule

# Delete allow_tcp_80
- iptables_raw:
    name: allow_tcp_80
    state: absent