This repository has been archived by the owner on Aug 2, 2019. It is now read-only.

arillso/ansible.iptables


Ansible Role: iptables


Description

Installs and configures iptables.

Installation

ansible-galaxy install sbaerlocher.iptables

Requirements

This role requires Ansible 2 or higher.

Role Variables

Name                              Default  Description
iptables_filter_input_policy      drop     IPv4 default filter input policy
iptables_filter_forward_policy    drop     IPv4 default filter forward policy
iptables_filter_output_policy     accept   IPv4 default filter output policy
iptables_filter_rules             [{protocol: tcp, source_address: 0.0.0.0/0, destination_port: 22, comment: OpenSSH, target: accept }]
                                           Array of filter rules represented as hashes
iptables_nat_prerouting_policy    accept   IPv4 default nat prerouting policy
iptables_nat_input_policy         accept   IPv4 default nat input policy
iptables_nat_output_policy        accept   IPv4 default nat output policy
iptables_nat_postrouting_policy   accept   IPv4 default nat postrouting policy
iptables_nat_rules                []       Array of nat rules represented as hashes
ip6tables_filter_rules            []       Array of IPv6 filter rules represented as hashes
ip6tables_filter_input_policy     drop     IPv6 default filter input policy
ip6tables_filter_forward_policy   drop     IPv6 default filter forward policy
ip6tables_filter_output_policy    accept   IPv6 default filter output policy
ip6tables_nat_prerouting_policy   accept   IPv6 default nat prerouting policy
ip6tables_nat_input_policy        accept   IPv6 default nat input policy
ip6tables_nat_output_policy       accept   IPv6 default nat output policy
ip6tables_nat_postrouting_policy  accept   IPv6 default nat postrouting policy

Dependencies

None

Example Playbook

- hosts: all
  roles:
    - sbaerlocher.iptables

Install and configure iptables to allow OpenSSH and HTTP. No rule accepts ICMP, so it is dropped by the default input policy (iptables_filter_input_policy is drop):

- hosts: all
  vars:
    iptables_filter_rules:
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 22
        comment: OpenSSH
        target: accept
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 80
        comment: HTTP
        target: accept
  roles:
    - sbaerlocher.iptables

Install and configure iptables with a port forward rule for HTTP

- hosts: all
  vars:
    iptables_filter_rules:
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 80
        comment: HTTP
        target: accept
    iptables_nat_rules:
      - chain: prerouting
        protocol: tcp
        destination_port: 80
        target: dnat
        to_destination: 192.168.88.88
        to_port: 8080
  roles:
    - sbaerlocher.iptables
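To check what a set of role variables will produce before running the play, the following added helper (not part of this role) renders rule hashes in the format shown above into the equivalent iptables commands, policies first. The key-to-flag mapping is an assumption about how such a role renders its template, not the role's own template, so compare the output against `iptables -S` on a managed host rather than treating it as authoritative.

```python
# Added example, not the role's code: render iptables_* variables of the kind
# used in the playbooks above into iptables command lines. The mapping of hash
# keys to iptables flags is an assumption about how the role's template works.

DEFAULT_POLICIES = {  # the page's IPv4 defaults for the filter and nat tables
    ("filter", "INPUT"): "drop", ("filter", "FORWARD"): "drop",
    ("filter", "OUTPUT"): "accept",
    ("nat", "PREROUTING"): "accept", ("nat", "INPUT"): "accept",
    ("nat", "OUTPUT"): "accept", ("nat", "POSTROUTING"): "accept",
}

def render_rule(table, rule):
    """Translate one rule hash into an `iptables -t <table> -A ...` line."""
    parts = ["iptables", "-t", table, "-A", rule["chain"].upper()]
    if "protocol" in rule:
        parts += ["-p", rule["protocol"]]
    if "source_address" in rule:
        parts += ["-s", rule["source_address"]]
    if "destination_port" in rule:
        if "protocol" not in rule:  # --dport is only valid with a protocol match
            raise ValueError("destination_port requires protocol")
        parts += ["--dport", str(rule["destination_port"])]
    if "comment" in rule:
        parts += ["-m", "comment", "--comment", rule["comment"]]
    parts += ["-j", rule["target"].upper()]
    if rule["target"] == "dnat":  # to_destination[:to_port], as in the NAT example
        dest = rule["to_destination"]
        if "to_port" in rule:
            dest += ":" + str(rule["to_port"])
        parts += ["--to-destination", dest]
    return " ".join(parts)

def render_ruleset(filter_rules, nat_rules, policies=None):
    """Chain policies first (page defaults unless overridden), then the rules."""
    pol = {**DEFAULT_POLICIES, **(policies or {})}
    lines = [f"iptables -t {t} -P {c} {p.upper()}" for (t, c), p in pol.items()]
    lines += [render_rule("filter", r) for r in filter_rules]
    lines += [render_rule("nat", r) for r in nat_rules]
    return lines

# Constructed input: the variables from the port-forward playbook above.
FILTER_RULES = [{"chain": "input", "protocol": "tcp", "source_address": "0.0.0.0/0",
                 "destination_port": 80, "comment": "HTTP", "target": "accept"}]
NAT_RULES = [{"chain": "prerouting", "protocol": "tcp", "destination_port": 80,
              "target": "dnat", "to_destination": "192.168.88.88", "to_port": 8080}]

if __name__ == "__main__":
    print("\n".join(render_ruleset(FILTER_RULES, NAT_RULES)))
```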

Changelog

2.4

  • add default value for ipv6
  • fix problem with ipv6

2.3

  • add support for ipv6

2.2

  • fix problems with ubuntu

2.1

  • fix problems with centos

2.0

  • new structure
  • new tests

1.0

  • Initial release

Author

License

This project is under the MIT License. See the LICENSE file for the full license text.

Copyright

(c) 2018, Simon Bärlocher

About

Install and Configure iptables for Linux on Debian, Ubuntu and CentOS.
