157 lines
3.6 KiB
YAML
157 lines
3.6 KiB
YAML
---
|
|
- name: Allow related and established connections (IPV4)
|
|
iptables:
|
|
ip_version: ipv4
|
|
chain: INPUT
|
|
ctstate: RELATED,ESTABLISHED
|
|
jump: ACCEPT
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Allow related and established connections (IPV6)
|
|
iptables:
|
|
ip_version: ipv6
|
|
chain: INPUT
|
|
ctstate: RELATED,ESTABLISHED
|
|
jump: ACCEPT
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Allow incoming on localhost interface (IPV4)
|
|
iptables:
|
|
ip_version: ipv4
|
|
chain: INPUT
|
|
in_interface: lo
|
|
jump: ACCEPT
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Allow incoming on localhost interface (IPV6)
|
|
iptables:
|
|
ip_version: ipv6
|
|
chain: INPUT
|
|
in_interface: lo
|
|
jump: ACCEPT
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Allow incoming ICMP (IPV4)
|
|
iptables:
|
|
ip_version: ipv4
|
|
chain: INPUT
|
|
protocol: icmp
|
|
jump: ACCEPT
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Allow incoming ICMPv6 (IPV6)
|
|
iptables:
|
|
ip_version: ipv6
|
|
chain: INPUT
|
|
protocol: ipv6-icmp
|
|
jump: ACCEPT
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Allow new incoming connections on TCP port (dynamic list) (IPV4)
|
|
iptables:
|
|
ip_version: ipv4
|
|
chain: INPUT
|
|
protocol: tcp
|
|
destination_port: "{{ item }}"
|
|
jump: ACCEPT
|
|
loop: "{{ tcp_authorized_ports }}"
|
|
when: tcp_authorized_ports is defined and (tcp_authorized_ports|length>0)
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Allow new incoming connections on TCP port (dynamic list) (IPV6)
|
|
iptables:
|
|
ip_version: ipv6
|
|
chain: INPUT
|
|
protocol: tcp
|
|
destination_port: "{{ item }}"
|
|
jump: ACCEPT
|
|
loop: "{{ tcp_authorized_ports }}"
|
|
when: tcp_authorized_ports is defined and (tcp_authorized_ports|length>0)
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Allow new incoming connections on UDP port (dynamic list) (IPV4)
|
|
iptables:
|
|
ip_version: ipv4
|
|
chain: INPUT
|
|
protocol: udp
|
|
destination_port: "{{ item }}"
|
|
jump: ACCEPT
|
|
loop: "{{ udp_authorized_ports }}"
|
|
when: udp_authorized_ports is defined and (udp_authorized_ports|length>0)
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Allow new incoming connections on UDP port (dynamic list) (IPV6)
|
|
iptables:
|
|
ip_version: ipv6
|
|
chain: INPUT
|
|
protocol: udp
|
|
destination_port: "{{ item }}"
|
|
jump: ACCEPT
|
|
loop: "{{ udp_authorized_ports }}"
|
|
when: udp_authorized_ports is defined and (udp_authorized_ports|length>0)
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Allow new incoming connections from specific IP (dynamic list) (IPV4)
|
|
iptables:
|
|
ip_version: ipv4
|
|
chain: INPUT
|
|
source: "{{ item }}"
|
|
jump: ACCEPT
|
|
loop: "{{ ip_authorized }}"
|
|
when: ip_authorized is defined and (ip_authorized|length>0)
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Allow new incoming connections from specific IP (dynamic list) (IPV6)
|
|
iptables:
|
|
ip_version: ipv6
|
|
chain: INPUT
|
|
source: "{{ item }}"
|
|
jump: ACCEPT
|
|
loop: "{{ ip_authorized }}"
|
|
when: ip_authorized is defined and (ip_authorized|length>0)
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Set the policy for the FORWARD chain to DROP (IPV4)
|
|
iptables:
|
|
ip_version: ipv4
|
|
chain: FORWARD
|
|
policy: DROP
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Set the policy for the FORWARD chain to DROP (IPV6)
|
|
iptables:
|
|
ip_version: ipv6
|
|
chain: FORWARD
|
|
policy: DROP
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Set the policy for the INPUT chain to DROP (IPV4)
|
|
iptables:
|
|
ip_version: ipv4
|
|
chain: INPUT
|
|
policy: DROP
|
|
notify:
|
|
- persist iptables
|
|
|
|
- name: Set the policy for the INPUT chain to DROP (IPV6)
|
|
iptables:
|
|
ip_version: ipv6
|
|
chain: INPUT
|
|
policy: DROP
|
|
notify:
|
|
- persist iptables
|