Skip to content

Install and Configure iptables for Linux on Debian, Ubuntu and CentOS.

License

Notifications You must be signed in to change notification settings

bmcatherasoo/ansible.iptables

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Ansible Role: iptables

Build Status license Ansible Galaxy

Description

Installs and configures iptables.

Installation

ansible-galaxy install sbaerlocher.iptables

Requirements

This role requires Ansible 2 or higher.

Role Variables

Name Default Description
iptables_filter_input_policy drop IPv4 default filter input policy
iptables_filter_forward_policy drop IPv4 default filter forward policy
iptables_filter_output_policy accept IPv4 default filter output policy
iptables_filter_rules [{protocol: tcp, source_address: 0.0.0.0/0, destination_port: 22, comment: OpenSSH, target: accept }] Array of filter rules represented as hashes
iptables_nat_prerouting_policy accept IPv4 default nat prerouting policy
iptables_nat_input_policy accept IPv4 default nat input policy
iptables_nat_output_policy accept IPv4 default nat output policy
iptables_nat_postrouting_policy accept IPv4 default nat postrouting policy
iptables_nat_rules [] Array of nat rules represented as hashes
ip6tables_filter_rules [] Array of filter rules represented as hashes
ip6tables_filter_input_policy drop IPv6 default filter input policy
ip6tables_filter_forward_policy drop IPv6 default filter forward policy
ip6tables_filter_output_policy accept IPv6 default filter output policy
ip6tables_nat_prerouting_policy accept IPv6 default nat prerouting policy
ip6tables_nat_input_policy accept IPv6 default nat input policy
ip6tables_nat_output_policy accept IPv6 default nat output policy
ip6tables_nat_postrouting_policy accept IPv6 default nat postrouting policy

Dependencies

None

Example Playbook

- hosts: all
  roles:
     - sbaerlocher.iptables

Install and configure iptables to disallow ICMP, allow OpenSSH and HTTP

- hosts: all
  vars:
    iptables_filter_rules:
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 22
        comment: OpenSSH
        target: accept
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 80
        comment: HTTP
        target: accept
  roles:
    - sbaerlocher.iptables

Install and configure iptables with a port forward rule for HTTP

- hosts: all
  vars:
    iptables_filter_rules:
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 80
        comment: HTTP
        target: accept
    iptables_nat_rules:
      - chain: prerouting
        protocol: tcp
        destination_port: 80
        target: dnat
        to_destination: 192.168.88.88
        to_port: 8080
  roles:
    - sbaerlocher.iptables

Changelog

2.4

  • add default value for ipv6
  • fix problem with ipv6

2.3

  • add support for ipv6

2.2

  • fix problems with ubuntu

2.1

  • fix problems with centos

2.0

  • new strucktur
  • new tests

1.0

  • Initial release

Author

License

This project is under the MIT License. See the LICENSE file for the full license text.

Copyright

(c) 2018, Simon Bärlocher

About

Install and Configure iptables for Linux on Debian, Ubuntu and CentOS.

Resources

License

Stars

Watchers

Forks

Packages

No packages published