Add UDP ports to iptables role and update the role README

This commit is contained in:
Nemo 2020-07-11 14:59:52 +02:00
parent 0e055f73e8
commit 30e5147587
3 changed files with 34 additions and 3 deletions


@ -1,12 +1,14 @@
Ansible Role: client iptables Ansible Role: client iptables
========= =========
This role defines iptables rules for a GNU/Linux server. This role defines iptables rules for a GNU/Linux server (but NOT for routers).
Requirements Requirements
------------ ------------
None. WARNING : do not apply this role on routers !!!
This role assumes you have a clean iptables configuration on your host (else, you may need to flush the current rules).
Role Variables Role Variables
-------------- --------------
@ -17,6 +19,9 @@ All variables and default values are defined in `defaults/main.yml` :
tcp_authorized_ports: tcp_authorized_ports:
- 22 - 22
# All authorized UDP ports
udp_authorized_ports: []
# All incoming authorized IP # All incoming authorized IP
ip_authorized: [] ip_authorized: []


@ -1,6 +1,6 @@
galaxy_info: galaxy_info:
author: nemo author: nemo
description: Set iptables for GNU/Linux. description: Set iptables for GNU/Linux servers (but NOT routers).
company: Wirebrass company: Wirebrass
license: license (BSD) license: license (BSD)


@ -83,6 +83,32 @@
notify: notify:
- persist iptables - persist iptables
- name: Allow new incoming connections on UDP port (dynamic list) (IPV4)
iptables:
ip_version: ipv4
chain: INPUT
protocol: udp
destination_port: "{{ item }}"
jump: ACCEPT
comment: Accept new connections on port "{{ item }}".
loop: "{{ udp_authorized_ports }}"
when: udp_authorized_ports is defined and (udp_authorized_ports|length>0)
notify:
- persist iptables
- name: Allow new incoming connections on UDP port (dynamic list) (IPV6)
iptables:
ip_version: ipv6
chain: INPUT
protocol: udp
destination_port: "{{ item }}"
jump: ACCEPT
comment: Accept new connections on port "{{ item }}".
loop: "{{ udp_authorized_ports }}"
when: udp_authorized_ports is defined and (udp_authorized_ports|length>0)
notify:
- persist iptables
- name: Allow new incoming connections from specific IP (dynamic list) (IPV4) - name: Allow new incoming connections from specific IP (dynamic list) (IPV4)
iptables: iptables:
ip_version: ipv4 ip_version: ipv4
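Review bot: The two added UDP tasks are identical apart from `ip_version`, and the `when: udp_authorized_ports is defined and (udp_authorized_ports|length>0)` guard on each adds nothing as far as I can tell — `loop` over the `[]` default shown in the README hunk runs zero iterations, and `when` does not shield the `loop` expression itself from an undefined variable; one task looping over `['ipv4', 'ipv6'] | product(udp_authorized_ports)` keeps both address families in sync and halves the surface for the two copies drifting apart. The rule as written accepts any UDP datagram to the port regardless of conntrack state even though the task name says "new"; if the TCP tasks earlier in this file (outside the hunk) set `ctstate: NEW`, the UDP rule should mirror them, otherwise the name should drop "new". Because `destination_port` is passed straight through, a port range in `udp_authorized_ports` must be a quoted string (`"1000:2000"`) — an unquoted `1000:2000` is read as a base-60 integer by YAML 1.1 loaders — which deserves a comment next to the variable in `defaults/main.yml`, e.g. `# ports or quoted ranges ("1000:2000")`. The enclosing task list continues before and after this hunk.
```yaml
- name: Allow new incoming connections on UDP port (dynamic list) (IPV4/IPV6)
  iptables:
    ip_version: "{{ item.0 }}"
    chain: INPUT
    protocol: udp
    destination_port: "{{ item.1 }}"
    jump: ACCEPT
    comment: Accept new connections on port "{{ item.1 }}".
  loop: "{{ ['ipv4', 'ipv6'] | product(udp_authorized_ports) | list }}"
  notify:
    - persist iptables
# … unchanged: "Allow new incoming connections from specific IP" tasks …
```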