Home Explore Help
Sign In
mhutchinson
/
Ansible_repo-pub
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
Ansible_repo-pu...
/
playbooks
/
misc
/
TEST-iptables.yaml

TEST-iptables.yaml 3.8 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112 
  1. ---
    2. 

  2.   - name: "Example of a working iptables playbook"
    3. 

  3.     hosts: all
    4. 

  4. #      - "*IPTables"
    5. 

  5.     gather_facts: True
    6. 

  6.     become: true
    7. 

  7. # Put the IPs/hostnames of Zabbix servers and proxies here:
    8. 

  8.     vars:
    9. 

  9.       MONSRC:
    10. 

  10.       - ***CONTENTS REDACTED***
    11. 

  11.       - ***CONTENTS REDACTED***
    12. 

  12.       - ***CONTENTS REDACTED***
    13. 

  13.       MONSRCRANGE:
    14. 

  14.       - ***CONTENTS REDACTED***
    15. 

  15.       - ***CONTENTS REDACTED***
    16. 

  16. 

  17.     tasks:
    18. 

  18.       - name: "msg print to stdout: Debug ansible_facts"
    19. 

  19.         debug:
    20. 

  20.           msg:
    21. 

  21.             - ansible_facts.distribution "{{ ansible_facts.distribution }}"
    22. 

  22.             - ansible_facts.distribution_major_version "{{ ansible_facts.distribution_major_version }}"
    23. 

  23.             - ansible_facts.distribution_file_variety "{{ ansible_facts.distribution_file_variety }}"
    24. 

  24. 

  25.       - name: Show MONSRC variables
    26. 

  26.         debug:
    27. 

  27.           msg: "MONSRCs: {{ MONSRC[0-2] }}"
    28. 

  28. 

  29.       - name: Show MONSRCRANGE variables
    30. 

  30.         debug:
    31. 

  31.           msg: "MONSRCRANGEs: {{ MONSRCRANGE[0-2] }}"
    32. 

  32. 

  33.       - name: Populate systemd service_facts
    34. 

  34.         service_facts:
    35. 

  35. 

  36.       - debug:
    37. 

  37.           msg:
    38. 

  38.             - ansible_facts.services['firewalld.service'] "{{ ansible_facts.services['firewalld.service'] }}"
    39. 

  39.         when: "'firewalld.service' in services"
    40. 

  40. 

  41.       - debug:
    42. 

  42.           msg:
    43. 

  43.             - ansible_facts.services['iptables.service'] "{{ ansible_facts.services['iptables.service'] }}"
    44. 

  44.         when: "'iptables.service' in services"
    45. 

  45. 

  46. 

  47.       - debug:
    48. 

  48.           msg:
    49. 

  49.             -  ansible_all_ipv4_addresses "{{ ansible_all_ipv4_addresses}}"
    50. 

  50. 

  51.       - name: Open 10050/tcp from $MONSRC0 ("{{ MONSRC[0] }}") if iptables.service is enabled
    52. 

  52.         iptables:
    53. 

  53.           action: insert
    54. 

  54.           chain: INPUT
    55. 

  55.           source: "{{ MONSRC[0] }}"
    56. 

  56.           protocol: tcp
    57. 

  57.           destination_port: 10050:10051
    58. 

  58.           state: present
    59. 

  59.           jump: ACCEPT
    60. 

  60.         when: ansible_facts.services['iptables.service']['status'] == 'enabled'
    61. 

  61. 

  62.       - name: Open 10050/tcp from $MONSRC1 ("{{ MONSRC[1] }}") if iptables.service is enabled
    63. 

  63.         iptables:
    64. 

  64.           action: insert
    65. 

  65.           chain: INPUT
    66. 

  66.           source:  "{{ MONSRC[1] }}"
    67. 

  67.           protocol: tcp
    68. 

  68.           destination_port: 10050:10051
    69. 

  69.           state: present
    70. 

  70.           jump: ACCEPT
    71. 

  71.         when: ansible_facts.services['iptables.service']['status'] == 'enabled'
    72. 

  72. 

  73.       - name: Open 10050/tcp from $MONSRC2 ("{{ MONSRC[2] }}") if iptables.service is enabled AND IP contains 10.***CONTENTS REDACTED***
    74. 

  74.         iptables:
    75. 

  75.           action: insert
    76. 

  76.           chain: INPUT
    77. 

  77.           source:  "{{ MONSRC[2] }}"
    78. 

  78.           protocol: tcp
    79. 

  79.           destination_port: 10050:10051
    80. 

  80.           state: present
    81. 

  81.           jump: ACCEPT
    82. 

  82.         when:
    83. 

  83.           - ansible_facts.services['iptables.service']['status'] == 'enabled'
    84. 

  84.           - ansible_all_ipv4_addresses is search("10.***CONTENTS REDACTED***")
    85. 

  85. 

  86.       - name: Open 10050/tcp from $MONSRCRANGE0 ("{{ MONSRCRANGE[0] }}") if iptables.service is enabled
    87. 

  87.         iptables:
    88. 

  88.           action: insert
    89. 

  89.           chain: INPUT
    90. 

  90.           src_range:  "{{ MONSRCRANGE[0] }}"
    91. 

  91.           protocol: tcp
    92. 

  92.           destination_port: 10050:10051
    93. 

  93.           state: present
    94. 

  94.           jump: ACCEPT
    95. 

  95.         when: ansible_facts.services['iptables.service']['status'] == 'enabled'
    96. 

  96. 

  97.       - name: Open 10050/tcp from $MONSRCRANGE1 ("{{ MONSRCRANGE[1] }}") if iptables.service is enabled
    98. 

  98.         iptables:
    99. 

  99.           action: insert
    100. 

  100.           chain: INPUT
    101. 

  101.           src_range:  "{{ MONSRCRANGE[1] }}"
    102. 

  102.           protocol: tcp
    103. 

  103.           destination_port: 10050:10051
    104. 

  104.           state: present
    105. 

  105.           jump: ACCEPT
    106. 

  106.         when: ansible_facts.services['iptables.service']['status'] == 'enabled'
    107. 

  107. 

  108.       - name: Save current state of the firewall in system file if iptables is enabled
    109. 

  109.         iptables_state:
    110. 

  110.           state: saved
    111. 

  111.           path: /etc/sysconfig/iptables
    112. 

  112.         when: ansible_facts.services['iptables.service']['status'] == 'enabled'
    113.