Chris Hines authored
Former-commit-id: 6123b104
---
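# firewalld is removed here and iptables-services is installed right after;
# presumably so that only one manager owns the netfilter ruleset that is
# templated into /etc/sysconfig/iptables further down
- name: make sure firewalld is not installed
  yum:
    name: "{{ item }}"
    state: absent
  become: true
  become_user: root
  with_items:
    - firewalld
    - firewall-config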
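# iptables-services ships the iptables service unit and the
# /etc/sysconfig/iptables rules file that the "template rules" task writes to
- name: make sure iptables-services is installed
  yum:
    name: iptables-services
    state: present
  become: true
  become_user: root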
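# start the service now and enable it so the saved ruleset is loaded on boot
- name: make sure iptables service is running
  service:
    name: iptables
    state: started
    enabled: true
  become: true
  become_user: root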
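# the interface that routes towards 8.8.8.8 is treated as the public one;
# output looks like
#   8.8.8.8 via 118.138.254.254 dev eth2 src 118.138.254.185
# the device name is the token after "dev", not a fixed column: on a host
# with an on-link route there is no "via ..." pair and the columns shift
- name: get name of device for public interface
  shell: /usr/sbin/ip route get 8.8.8.8 | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i + 1); exit}}'
  # read-only probe: run it even under --check so public_device_name is
  # populated, and never report it as a change
  check_mode: false
  changed_when: false
  # an empty device name would be templated into the firewall rules silently;
  # fail the play instead
  failed_when: public_device_name.stdout == ""
  register: public_device_name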
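# if not defined, default to M3 = vlan 114;
# see https://webnet.its.monash.edu.au/cgi-bin/staff-only/netsee
# callers that set PRIVATE_NETWORK_CIDR themselves are left untouched
- name: default the private network range when it is not set
  set_fact:
    PRIVATE_NETWORK_CIDR: "172.16.200.0/21"
  when: PRIVATE_NETWORK_CIDR is undefined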
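# template ip tables rules or add rules on startup?
# ownership and mode are pinned so a freshly created rules file does not
# fall back to the process umask; the ruleset describes the host's network
# layout and should stay readable by root only
- name: template rules
  template:
    src: iptables.j2
    dest: /etc/sysconfig/iptables
    owner: root
    group: root
    mode: "0600"
  # NOTE(review): where the target's iptables supports it, adding
  # validate: '/usr/sbin/iptables-restore --test %s' would keep a broken
  # template from ever reaching the live ruleset - confirm the version first
  become: true
  become_user: root
  register: rule_changed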
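# iptables-restore reads its ruleset from stdin when no file is given, so a
# bare "iptables-restore" never loads the templated file; name it explicitly.
# no shell features are needed, so command is used instead of shell
- name: restore rules
  command: iptables-restore /etc/sysconfig/iptables
  become: true
  become_user: root
  # only reload when the template task actually rewrote the file
  when: rule_changed.changed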
# make sure ip forwarding is enabled