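---
# Opens the Zabbix agent ports (10050-10051/tcp) on hosts whose iptables.service
# is enabled, restricted to the monitoring servers/proxies listed in MONSRC and
# MONSRCRANGE, then persists the resulting rule set.
#
# Hosts that use firewalld instead of iptables get no rule from this play:
# firewalld.service is only inspected by the debug tasks below.
- name: "Example of a working iptables playbook"
  hosts: all
  # - "*IPTables"
  gather_facts: true
  become: true
  # Put the IPs/hostnames of Zabbix servers and proxies here.
  # The redacted entries are placeholders from the published copy; replace them
  # with the real monitoring sources before use.
  vars:
    MONSRC:
      - "***CONTENTS REDACTED***"
      - "***CONTENTS REDACTED***"
      - "10.***CONTENTS REDACTED***"
    MONSRCRANGE:
      - "***CONTENTS REDACTED***"
      - "***CONTENTS REDACTED***"

  tasks:
    - name: "msg print to stdout: Debug ansible_facts"
      debug:
        msg:
          # - "{{ ansible_facts.service_mgr }}"
          - ansible_facts.distribution "{{ ansible_facts.distribution }}"
          - ansible_facts.distribution_major_version "{{ ansible_facts.distribution_major_version }}"
          - ansible_facts.distribution_file_variety "{{ ansible_facts.distribution_file_variety }}"
          # - "{{ ansible_facts.services_iptables'].state }}"
          # - ansible_facts.services "{{ ansible_facts.services }}"

    # `MONSRC[0-2]` is index arithmetic in Jinja (it reads MONSRC[-2]), not a
    # slice, so only one entry was ever printed; print the whole list instead.
    - name: Show MONSRC variables
      debug:
        msg: "MONSRCs: {{ MONSRC }}"

    - name: Show MONSRCRANGE variables
      debug:
        msg: "MONSRCRANGEs: {{ MONSRCRANGE }}"

    # Needed by every `when` below: populates ansible_facts.services.
    - name: Populate systemd service_facts
      service_facts:

    - debug:
        msg:
          - ansible_facts.services['firewalld.service'] "{{ ansible_facts.services['firewalld.service'] }}"
      when: "'firewalld.service' in ansible_facts.services"

    - debug:
        msg:
          - ansible_facts.services['iptables.service'] "{{ ansible_facts.services['iptables.service'] }}"
      when: "'iptables.service' in ansible_facts.services"

    - debug:
        msg:
          - ansible_all_ipv4_addresses "{{ ansible_all_ipv4_addresses }}"

    # Each rule below is inserted at the top of INPUT (action: insert) so it is
    # matched before any pre-existing REJECT/DROP rule, and is limited to one
    # monitoring source. The existence check on 'iptables.service' comes first
    # so that hosts without that unit skip the task instead of failing on a
    # missing dictionary key (Ansible evaluates a `when` list in order and
    # stops at the first false condition).
    - name: Open 10050-10051/tcp from $MONSRC0 ("{{ MONSRC[0] }}") if iptables.service is enabled
      iptables:
        action: insert
        chain: INPUT
        source: "{{ MONSRC[0] }}"
        protocol: tcp
        destination_port: "10050:10051"
        state: present
        jump: ACCEPT
      when:
        - "'iptables.service' in ansible_facts.services"
        - ansible_facts.services['iptables.service']['status'] == 'enabled'

    - name: Open 10050-10051/tcp from $MONSRC1 ("{{ MONSRC[1] }}") if iptables.service is enabled
      iptables:
        action: insert
        chain: INPUT
        source: "{{ MONSRC[1] }}"
        protocol: tcp
        destination_port: "10050:10051"
        state: present
        jump: ACCEPT
      when:
        - "'iptables.service' in ansible_facts.services"
        - ansible_facts.services['iptables.service']['status'] == 'enabled'

    # The third source is only opened on hosts that themselves have an address
    # in the given prefix. `search` is applied to the list's string form, so
    # this is a substring match on the rendered list, not a CIDR check.
    - name: Open 10050-10051/tcp from $MONSRC2 ("{{ MONSRC[2] }}") if iptables.service is enabled AND IP contains 10.***CONTENTS REDACTED***
      iptables:
        action: insert
        chain: INPUT
        source: "{{ MONSRC[2] }}"
        protocol: tcp
        destination_port: "10050:10051"
        state: present
        jump: ACCEPT
      when:
        - "'iptables.service' in ansible_facts.services"
        - ansible_facts.services['iptables.service']['status'] == 'enabled'
        - ansible_all_ipv4_addresses is search("10.***CONTENTS REDACTED***")

    - name: Open 10050-10051/tcp from $MONSRCRANGE0 ("{{ MONSRCRANGE[0] }}") if iptables.service is enabled
      iptables:
        action: insert
        chain: INPUT
        src_range: "{{ MONSRCRANGE[0] }}"
        protocol: tcp
        destination_port: "10050:10051"
        state: present
        jump: ACCEPT
      when:
        - "'iptables.service' in ansible_facts.services"
        - ansible_facts.services['iptables.service']['status'] == 'enabled'

    - name: Open 10050-10051/tcp from $MONSRCRANGE1 ("{{ MONSRCRANGE[1] }}") if iptables.service is enabled
      iptables:
        action: insert
        chain: INPUT
        src_range: "{{ MONSRCRANGE[1] }}"
        protocol: tcp
        destination_port: "10050:10051"
        state: present
        jump: ACCEPT
      when:
        - "'iptables.service' in ansible_facts.services"
        - ansible_facts.services['iptables.service']['status'] == 'enabled'

    # Persist the live rule set so the inserted rules survive a service restart
    # or reboot. NOTE(review): /etc/sysconfig/iptables is the RHEL-family
    # location — confirm it matches the distributions this play targets.
    - name: Save current state of the firewall in system file if iptables is enabled
      iptables_state:
        state: saved
        path: /etc/sysconfig/iptables
      when:
        - "'iptables.service' in ansible_facts.services"
        - ansible_facts.services['iptables.service']['status'] == 'enabled'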