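---
# Opens the Zabbix agent port range (10050-10051/tcp) on every target host
# from the listed monitoring sources, but only where iptables.service is the
# enabled firewall, then persists the ruleset.
- name: "Example of a working iptables playbook"
  hosts: all  # - "*IPTables"
  gather_facts: true
  become: true

  # Put the IPs/hostnames of Zabbix servers and proxies here:
  # MONSRC entries become single `source` matches, MONSRCRANGE entries become
  # `src_range` matches (iprange module syntax, e.g. "10.0.0.1-10.0.0.9" — constructed example).
  vars:
    MONSRC:
      - "***CONTENTS REDACTED***"
      - "***CONTENTS REDACTED***"
      - "10.***CONTENTS REDACTED***"
    MONSRCRANGE:
      - "***CONTENTS REDACTED***"
      - "***CONTENTS REDACTED***"

  tasks:
    - name: "msg print to stdout: Debug ansible_facts"
      debug:
        msg:
          # - "{{ ansible_facts.service_mgr }}"
          - "ansible_facts.distribution {{ ansible_facts.distribution }}"
          - "ansible_facts.distribution_major_version {{ ansible_facts.distribution_major_version }}"
          - "ansible_facts.distribution_file_variety {{ ansible_facts.distribution_file_variety }}"
          # - "{{ ansible_facts.services['iptables.service'].state }}"
          # - "ansible_facts.services {{ ansible_facts.services }}"

    # `MONSRC[0-2]` in the original evaluated to MONSRC[-2] (Jinja arithmetic),
    # i.e. a single element; print the whole list instead.
    - name: Show MONSRC variables
      debug:
        msg: "MONSRCs: {{ MONSRC | join(', ') }}"

    - name: Show MONSRCRANGE variables
      debug:
        msg: "MONSRCRANGEs: {{ MONSRCRANGE | join(', ') }}"

    # Everything below depends on ansible_facts.services, which only exists
    # after this task has run.
    - name: Populate systemd service_facts
      service_facts:

    # Informational only: this playbook does not gate on firewalld.  If
    # firewalld is the active firewall on a host, rules inserted directly via
    # iptables may be discarded on its next reload — check the output below.
    - debug:
        msg:
          - "ansible_facts.services['firewalld.service'] {{ ansible_facts.services['firewalld.service'] }}"
      when: "'firewalld.service' in ansible_facts.services"

    - debug:
        msg:
          - "ansible_facts.services['iptables.service'] {{ ansible_facts.services['iptables.service'] }}"
      when: "'iptables.service' in ansible_facts.services"

    - debug:
        msg:
          - "ansible_all_ipv4_addresses {{ ansible_all_ipv4_addresses }}"

    # Guard pattern used by every firewall-changing task below: test that the
    # unit is present in the service facts BEFORE indexing it, otherwise the
    # bare lookup fails with an undefined-variable error on hosts without an
    # iptables.service unit (conditions in a list are ANDed in order).
    # `destination_port` is quoted so the colon-separated range is never
    # re-typed by the YAML parser.
    - name: Open 10050-10051/tcp from $MONSRC0 ("{{ MONSRC[0] }}") if iptables.service is enabled
      iptables:
        action: insert
        chain: INPUT
        source: "{{ MONSRC[0] }}"
        protocol: tcp
        destination_port: "10050:10051"
        state: present
        jump: ACCEPT
      when:
        - "'iptables.service' in ansible_facts.services"
        - ansible_facts.services['iptables.service']['status'] == 'enabled'

    - name: Open 10050-10051/tcp from $MONSRC1 ("{{ MONSRC[1] }}") if iptables.service is enabled
      iptables:
        action: insert
        chain: INPUT
        source: "{{ MONSRC[1] }}"
        protocol: tcp
        destination_port: "10050:10051"
        state: present
        jump: ACCEPT
      when:
        - "'iptables.service' in ansible_facts.services"
        - ansible_facts.services['iptables.service']['status'] == 'enabled'

    # The third source is only opened on hosts whose own IPv4 addresses match
    # the given prefix.  `search` is an unanchored regex test applied to the
    # stringified address list, so a `.` in the pattern matches any character
    # — escape it (`10\.`) if an exact prefix is required.
    - name: Open 10050-10051/tcp from $MONSRC2 ("{{ MONSRC[2] }}") if iptables.service is enabled AND IP contains 10.***CONTENTS REDACTED***
      iptables:
        action: insert
        chain: INPUT
        source: "{{ MONSRC[2] }}"
        protocol: tcp
        destination_port: "10050:10051"
        state: present
        jump: ACCEPT
      when:
        - "'iptables.service' in ansible_facts.services"
        - ansible_facts.services['iptables.service']['status'] == 'enabled'
        - ansible_all_ipv4_addresses is search("10.***CONTENTS REDACTED***")

    - name: Open 10050-10051/tcp from $MONSRCRANGE0 ("{{ MONSRCRANGE[0] }}") if iptables.service is enabled
      iptables:
        action: insert
        chain: INPUT
        src_range: "{{ MONSRCRANGE[0] }}"
        protocol: tcp
        destination_port: "10050:10051"
        state: present
        jump: ACCEPT
      when:
        - "'iptables.service' in ansible_facts.services"
        - ansible_facts.services['iptables.service']['status'] == 'enabled'

    - name: Open 10050-10051/tcp from $MONSRCRANGE1 ("{{ MONSRCRANGE[1] }}") if iptables.service is enabled
      iptables:
        action: insert
        chain: INPUT
        src_range: "{{ MONSRCRANGE[1] }}"
        protocol: tcp
        destination_port: "10050:10051"
        state: present
        jump: ACCEPT
      when:
        - "'iptables.service' in ansible_facts.services"
        - ansible_facts.services['iptables.service']['status'] == 'enabled'

    # Without this step the inserted rules are lost on reboot / service restart.
    # /etc/sysconfig/iptables is the RHEL-family location read by
    # iptables.service; adjust the path for other distributions.
    - name: Save current state of the firewall in system file if iptables is enabled
      iptables_state:
        state: saved
        path: /etc/sysconfig/iptables
      when:
        - "'iptables.service' in ansible_facts.services"
        - ansible_facts.services['iptables.service']['status'] == 'enabled'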