Skip to content
/ ansible.iptables Public
forked from arillso/ansible.iptables

Install and Configure iptables for Linux on Debian, Ubuntu and CentOS.

License

MIT license
0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bmcatherasoo/ansible.iptables

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
defaults
defaults
 
 
handlers
handlers
 
 
meta
meta
 
 
tasks
tasks
 
 
templates
templates
 
 
vars
vars
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Ansible Role: iptables

Build Status license Ansible Galaxy

Description

Installs and configures iptables.

Installation

ansible-galaxy install sbaerlocher.iptables

Requirements

This role requires Ansible 2 or higher.

Role Variables

Name Default Description
iptables_filter_input_policy drop IPv4 default filter input policy
iptables_filter_forward_policy drop IPv4 default filter forward policy
iptables_filter_output_policy accept IPv4 default filter output policy
iptables_filter_rules [{protocol: tcp, source_address: 0.0.0.0/0, destination_port: 22, comment: OpenSSH, target: accept }] Array of filter rules represented as hashes
iptables_nat_prerouting_policy accept IPv4 default nat prerouting policy
iptables_nat_input_policy accept IPv4 default nat input policy
iptables_nat_output_policy accept IPv4 default nat output policy
iptables_nat_postrouting_policy accept IPv4 default nat postrouting policy
iptables_nat_rules [] Array of nat rules represented as hashes
ip6tables_filter_rules [] Array of filter rules represented as hashes
ip6tables_filter_input_policy drop IPv6 default filter input policy
ip6tables_filter_forward_policy drop IPv6 default filter forward policy
ip6tables_filter_output_policy accept IPv6 default filter output policy
ip6tables_nat_prerouting_policy accept IPv6 default nat prerouting policy
ip6tables_nat_input_policy accept IPv6 default nat input policy
ip6tables_nat_output_policy accept IPv6 default nat output policy
ip6tables_nat_postrouting_policy accept IPv6 default nat postrouting policy

Dependencies

None

Example Playbook

- hosts: all
  roles:
     - sbaerlocher.iptables

Install and configure iptables to disallow ICMP, allow OpenSSH and HTTP

- hosts: all
  vars:
    iptables_filter_rules:
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 22
        comment: OpenSSH
        target: accept
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 80
        comment: HTTP
        target: accept
  roles:
    - sbaerlocher.iptables

Install and configure iptables with a port forward rule for HTTP

- hosts: all
  vars:
    iptables_filter_rules:
      - chain: input
        protocol: tcp
        source_address: 0.0.0.0/0
        destination_port: 80
        comment: HTTP
        target: accept
    iptables_nat_rules:
      - chain: prerouting
        protocol: tcp
        destination_port: 80
        target: dnat
        to_destination: 192.168.88.88
        to_port: 8080
  roles:
    - sbaerlocher.iptables

Changelog

2.4

  • add default value for ipv6
  • fix problem with ipv6

2.3

  • add support for ipv6

2.2

  • fix problems with ubuntu

2.1

  • fix problems with centos

2.0

  • new strucktur
  • new tests

1.0

  • Initial release

Author

License

This project is under the MIT License. See the LICENSE file for the full license text.

Copyright

(c) 2018, Simon Bärlocher

About

Install and Configure iptables for Linux on Debian, Ubuntu and CentOS.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

9 tags

Packages

No packages published