/
iptables_rule_facts.yml
51 lines (50 loc) · 2 KB
/
iptables_rule_facts.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
---
# Copyright 2017, Logan Vig <logan2211@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Build a list of rules defined in hostvars
set_fact:
iptables_rule_defs: |-
{% if iptables_search_enabled | bool %}
{% set _rules_search_hits = vars.keys() |
select('match', '^' ~ iptables_search_prefix ~ '.*') |
list
%}
{% endif %}
{# Add the static rule definitions #}
{% set _rules = iptables_rule_definitions %}
{# Add rules from search vars (ie. firewall_*) and also a list of vars
defined in iptables_rule_vars
#}
{% for _rule in _rules_search_hits |
default([]) |
union(iptables_rule_vars) |
list %}
{% set _ = _rules.append(lookup('vars', _rule)) %}
{% endfor %}
{# Since the 'order' attribute is optional we need to loop thru #}
{# and default it if it is not defined before sorting. #}
{% set _var = [] %}
{% for _rule_def in _rules | sum(start=[]) %}
{% set _protocol = _rule_def.protocol | default('ipv4') %}
{% set _order = _rule_def.order | default(50) | int %}
{% set _table = _rule_def.table | default('filter') %}
{% set _ = _rule_def.update({
'protocol': _protocol,
'order': _order,
'table': _table
})
%}
{% set _ = _var.append(_rule_def) %}
{% endfor %}
{{ _var }}