Install and configure iptables

**Role Variables**

.. zuul:rolevar:: iptables_allowed_hosts
   :default: []

   A list of dictionaries, each item in the list is a rule to add for
   a host/port combination. The format of the dictionary is:

   .. zuul:rolevar:: hostname

      The hostname to allow. It will automatically be resolved, and
      the inventory IP address will be added to the firewall.

   .. zuul:rolevar:: protocol

      One of "tcp" or "udp".

   .. zuul:rolevar:: port

      The port number.

.. zuul:rolevar:: iptables_allowed_groups
   :default: []

   A list of dictionaries, each item in the list is a rule to add for
   a host/port combination. The format of the dictionary is:

   .. zuul:rolevar:: group

      The ansible inventory group to add. Every host in the group will
      be added to the firewall.

   .. zuul:rolevar:: protocol

      One of "tcp" or "udp".

   .. zuul:rolevar:: port

      The port number.

.. zuul:rolevar:: iptables_public_tcp_ports
   :default: []

   A list of public TCP ports to open.

.. zuul:rolevar:: iptables_public_udp_ports
   :default: []

   A list of public UDP ports to open.

.. zuul:rolevar:: iptables_rules
   :default: []

   A list of iptables ingress rules. Each item is a string containing
   the iptables command line options for the rule. These will be
   expanded to cover IPv4 and IPv6.

.. zuul:rolevar:: iptables_rules_v4
   :default: []

   A list of iptables v4 ingress rules. Each item is a string
   containing the iptables command line options for the rule.

.. zuul:rolevar:: iptables_rules_v6
   :default: []

   A list of iptables v6 ingress rules. Each item is a string
   containing the iptables command line options for the rule.

.. zuul:rolevar:: iptables_egress_rules
   :default: []

   A list of iptables egress rules. Each item is a string containing
   the iptables command line options for the rule. These will be
   expanded to cover IPv4 and IPv6.

.. zuul:rolevar:: iptables_egress_rules_v4
   :default: []

   A list of iptables v4 egress rules. Each item is a string
   containing the iptables command line options for the rule.

.. zuul:rolevar:: iptables_egress_rules_v6
   :default: []

   A list of iptables v6 egress rules. Each item is a string
   containing the iptables command line options for the rule.
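
An example variables file using the variables above, added here as an illustration and not taken from the role itself. Hostnames, group names, ports and addresses are constructed, and the rule strings assume the role supplies the chain, so each string carries only match and target options.

```yaml
# Constructed example: all hostnames, groups, ports and addresses are
# illustrative. Assumption: rule strings hold only the match/target
# options and the role places them in its own chain.

# Open to every source address. Keep this list limited to services
# that are meant to be public.
iptables_public_tcp_ports:
  - 80
  - 443
iptables_public_udp_ports: []

# Scoped to a single inventory host: only monitor01.example.org may
# reach SNMP on this machine.
iptables_allowed_hosts:
  - hostname: monitor01.example.org
    protocol: udp
    port: 161

# Scoped to an inventory group: every host in "webservers" may reach
# the database port, nobody else.
iptables_allowed_groups:
  - group: webservers
    protocol: tcp
    port: 3306

# Rules that match on addresses are family-specific, so they go in the
# _v4 / _v6 lists rather than in iptables_rules.
iptables_rules_v4:
  - "-p tcp -s 192.0.2.0/24 --dport 9100 -j ACCEPT"
iptables_rules_v6:
  - "-p tcp -s 2001:db8::/32 --dport 9100 -j ACCEPT"

# Family-neutral egress rule: it contains no addresses, so it is valid
# when expanded for both IPv4 and IPv6. Refuses outbound SMTP.
iptables_egress_rules:
  - "-p tcp --dport 25 -j REJECT"
```

Preferring ``iptables_allowed_hosts`` or ``iptables_allowed_groups`` over the public port lists keeps internal services reachable only from the inventory hosts that need them.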