Commit 238d04da authored by Simon Michnowicz's avatar Simon Michnowicz

Merge branch 'master' of...

Merge branch 'master' of gitlab.erc.monash.edu.au:hpc-team/ansible_cluster_in_a_box into modifyloggingscript


Former-commit-id: 7ba0e06a
parents 5cfb5f97 6db95aea
---
# make sure firewalld is not installed
- name: make sure firewalld is not installed
yum: name={{ item }} state=absent
become: true
become_user: root
with_items:
- firewalld
- firewall-config
# make sure iptables is installed
- name: make sure iptables-services is installed
yum: name=iptables-services state=present
become: true
become_user: root
- name: make sure iptables service is running
service: name=iptables state=started enabled=yes
become: true
become_user: root
# template ip tables rules or add rules on startup?
- name: template rules
template: dest=/etc/sysconfig/iptables src=iptables.j2
become: true
become_user: root
register: rule_changed
- name: restore rules
shell: iptables-restore
become: true
become_user: root
when: rule_changed | changed
# make sure ip forwarding is enabled
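Review bot: The `restore rules` task runs `iptables-restore` with no input, so the file written by `template rules` to /etc/sysconfig/iptables is not what gets loaded into the running kernel, and the on-disk policy and the live ruleset can diverge. Feed the file explicitly with `shell: iptables-restore < /etc/sysconfig/iptables`, and consider `validate='iptables-restore --test %s'` on the template task so a malformed ruleset is rejected before it replaces the existing one. `when: rule_changed | changed` uses the test-as-filter form that later Ansible releases deprecated; `when: rule_changed is changed` is the current spelling. The trailing comment `# make sure ip forwarding is enabled` has no task under it in the lines shown, although the MASQUERADE and FORWARD rules presumably depend on that setting.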
# Generated by iptables-save v1.4.21 on Mon Nov 7 16:34:03 2016
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Mon Nov 7 16:34:03 2016
# Generated by iptables-save v1.4.21 on Mon Nov 7 16:34:03 2016
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
# Completed on Mon Nov 7 16:34:03 2016
# Generated by iptables-save v1.4.21 on Mon Nov 7 16:34:03 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i mlx0 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
COMMIT
# Completed on Mon Nov 7 16:34:03 2016
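Review bot: `:FORWARD ACCEPT [0:0]` in the *filter table makes the `-A FORWARD -i mlx0 -j ACCEPT` and `-A FORWARD -i eth1 -j ACCEPT` rules no-ops, because packets arriving on any interface, including the eth2 side that the *nat table masquerades out of, are forwarded by policy. If the intent is to forward only from the internal interfaces, set the policy to `:FORWARD DROP [0:0]` and add `-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT` ahead of the per-interface rules so return traffic still passes. The interface names are hard-coded although the file is apparently deployed as a Jinja template (`src=iptables.j2`), so a host with different NIC naming would get rules that match nothing. Only IPv4 is covered here; whether ip6tables is handled elsewhere is not visible on this page.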