0bb84bc58e
We configured iptables rules but did not persist them. This meant that rules would be flushed when restarting iptables or the instance. Change-Id: I9d90f55323a33d6a0f0dda1f7ab25d10984fa6cb
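# Write the registered iptables_rules.stdout to /etc/sysconfig/iptables, the
# file the SuSEfirewall2 custom hook in this play passes to iptables-restore.
# NOTE(review): iptables_rules is registered outside this file - presumably
# from an iptables-save call; confirm against the caller.
- name: Persist ipv4 rules
  become: true
  copy:
    # Ansible strips the trailing newline from registered stdout, and
    # iptables-restore can reject a final COMMIT line that lacks one, so the
    # newline is added back explicitly.
    content: "{{ iptables_rules.stdout }}\n"
    dest: /etc/sysconfig/iptables
    # This file becomes the effective IPv4 policy on every firewall restart:
    # keep it root-owned and closed to other users instead of relying on the
    # umask-derived default.
    owner: root
    group: root
    mode: "0600"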
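# Write the registered ip6tables_rules.stdout to /etc/sysconfig/ip6tables, the
# file the SuSEfirewall2 custom hook in this play passes to ip6tables-restore.
# NOTE(review): ip6tables_rules is registered outside this file - presumably
# from an ip6tables-save call; confirm against the caller.
- name: Persist ipv6 rules
  become: true
  copy:
    # Ansible strips the trailing newline from registered stdout, and
    # ip6tables-restore can reject a final COMMIT line that lacks one, so the
    # newline is added back explicitly.
    content: "{{ ip6tables_rules.stdout }}\n"
    dest: /etc/sysconfig/ip6tables
    # This file becomes the effective IPv6 policy on every firewall restart:
    # keep it root-owned and closed to other users instead of relying on the
    # umask-derived default.
    owner: root
    group: root
    mode: "0600"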
# Point FW_CUSTOMRULES in the SuSEfirewall2 sysconfig file at the custom
# script, so the hook functions defined in that script are loaded.
# NOTE(review): the replace module only rewrites lines that already match the
# regexp. If the file has no uncommented FW_CUSTOMRULES= line, the task
# reports "ok" and the custom script is never loaded - verify on the image.
- name: Set up SuSEfirewall2 custom rules to be loaded
  replace:
    path: '/etc/sysconfig/SuSEfirewall2'
    regexp: '^FW_CUSTOMRULES=.*$'
    replace: 'FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"'
  become: true
# Append a managed block to the SuSEfirewall2 custom script that defines
# fw_custom_after_finished(), which reloads the saved IPv4 and IPv6 rule files.
# blockinfile wraps the text in its marker comments, so a re-run updates the
# block in place rather than appending a second copy.
# NOTE(review): without --noflush, iptables-restore replaces the contents of
# every table present in the saved file, so rules SuSEfirewall2 generated for
# those tables are discarded. The two saved files are therefore the effective
# policy, and anyone able to write them controls the firewall after a restart.
- name: Configure SuSEfirewall2 to restore saved rules on restart
  blockinfile:
    path: '/etc/sysconfig/scripts/SuSEfirewall2-custom'
    # Placed at end of file so this definition comes after any earlier
    # fw_custom_after_finished() in the script; in shell the later one wins.
    insertafter: EOF
    block: |
      fw_custom_after_finished() {
        /usr/sbin/iptables-restore /etc/sysconfig/iptables
        /usr/sbin/ip6tables-restore /etc/sysconfig/ip6tables
      }
  become: true
# Make sure the SuSEfirewall2 service is running now and enabled at boot.
# NOTE(review): state "started" does not restart a service that is already
# running, so on such a host the custom hook presumably first takes effect at
# the next firewall restart or reboot - confirm this is intended.
- name: Ensure SuSEfirewall2 is started
  service:
    name: SuSEfirewall2
    enabled: true
    state: started
  become: true