Ansible: Configuring iptables firewall rules

From Glitchdata
Revision as of 21:06, 20 March 2017 by Admin

Ansible has an immature iptables module, so it's best to use shell commands to make these changes.

Sample Open Port 80

# Open TCP port 80
- iptables_raw:
    name: allow_tcp_80
    rules: '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Open TCP port 22, but insert it before port 80 (default weight is 40)
- iptables_raw:
    name: allow_tcp_22
    rules: '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
    weight: 35

Delete a Rule

# Delete allow_tcp_80
- iptables_raw:
    name: allow_tcp_80
    state: absent
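
The weights used above also let a default-deny baseline sit ahead of the per-port rules. The playbook below is an added example, not part of the original page; it assumes the third-party iptables_raw module is available in the playbook's library path, and the host group `webservers` and the rule name `default_rules` are assumptions.

```yaml
# Added example. Rules are ordered in the chain by weight, not by task order,
# so the SSH rule can be applied first to avoid cutting off the Ansible
# connection before the default policy changes to DROP.
- hosts: webservers        # assumed inventory group
  become: true
  tasks:
    - name: Allow SSH (weight 35, placed before the port 80 rule)
      iptables_raw:
        name: allow_tcp_22
        weight: 35
        rules: '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

    - name: Allow HTTP (default weight 40)
      iptables_raw:
        name: allow_tcp_80
        rules: '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

    # Weight 10 sorts these rules ahead of both ACCEPT rules above, even
    # though this task runs last. Loopback and reply traffic are accepted,
    # and everything not matched by a later rule falls to the DROP policy.
    - name: Baseline rules and default-deny policy
      iptables_raw:
        name: default_rules   # assumed rule-set name
        weight: 10
        rules: |
          -A INPUT -i lo -j ACCEPT
          -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
          -P INPUT DROP
          -P FORWARD DROP
          -P OUTPUT ACCEPT
```

Running `iptables -S INPUT` on the host afterwards shows the resulting order: policy, baseline rules, port 22, then port 80.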