Skip to content

Commit

Permalink
Merge branch 'iptables-persistent'
Browse files Browse the repository at this point in the history
  • Loading branch information
@mikegleasonjr
mikegleasonjr committed Oct 1, 2016
2 parents 7a1d8e1 + 3f482db commit 96d7c7a
Show file tree
Hide file tree
Showing 11 changed files with 37 additions and 33 deletions.
8 changes: 7 additions & 1 deletion Vagrantfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,17 +4,23 @@ boxes = {
:cpu => "2",
:ram => "256"
},
"centos/7" => {
"ubuntu/xenial64" => {
:ip => '192.168.33.11',
:cpu => "2",
:ram => "256"
},
"centos/7" => {
:ip => '192.168.33.12',
:cpu => "2",
:ram => "256"
},
}

Vagrant.configure("2") do |config|
boxes.each do |box, options|
config.vm.define box.dup.sub!("/", "-") do |machine|
machine.vm.box = box
machine.vm.box_check_update = false
machine.vm.network :private_network, ip: options[:ip]

machine.vm.provider "virtualbox" do |vb|
Expand Down
1 change: 0 additions & 1 deletion tasks/main.yml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
---
- include: vars.yml
- include: rules.yml

- include: persist-debian.yml
Expand Down
29 changes: 25 additions & 4 deletions tasks/persist-debian.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,27 @@
---
- name: Copy v4 save script
template: src=save.v4.j2 dest=/etc/network/if-post-down.d/iptables-v4 owner=root group=root mode=755
- name: Remove any obsolete v4 save script
file: path=/etc/network/if-post-down.d/iptables-v4 state=absent

- name: Copy v4 restore script
template: src=restore.v4.j2 dest=/etc/network/if-pre-up.d/iptables-v4 owner=root group=root mode=755
- name: Remove any obsolete v4 restore script
file: path=/etc/network/if-pre-up.d/iptables-v4 state=absent

- name: Remove any obsolete v4 saved rules
file: path=/etc/iptables.v4.saved state=absent

- name: Install iptables-persistent
apt: name=iptables-persistent state=present

- name: Check if netfilter-persistent is present
shell: which netfilter-persistent
register: is_netfilter
when: v4_script|changed
changed_when: false
ignore_errors: yes

- name: Save v4 rules (netfilter-persistent)
command: netfilter-persistent save
when: v4_script|changed and is_netfilter.rc == 0

- name: Save v4 rules (iptables-persistent)
command: /etc/init.d/iptables-persistent save
when: v4_script|changed and is_netfilter.rc == 1
4 changes: 4 additions & 0 deletions tasks/persist-redhat.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
---
- name: Save v4 rules (/etc/sysconfig/iptables)
shell: iptables-save -c > /etc/sysconfig/iptables
when: v4_script|changed

- name: Ensure iptables service is installed
yum: name=iptables-services state=present
when: ansible_distribution_major_version >= '7'
Expand Down
4 changes: 0 additions & 4 deletions tasks/rules.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,3 @@
register: v4_script_load_result
failed_when: v4_script_load_result.rc != 0 or 'unknown option' in v4_script_load_result.stderr
when: v4_script|changed

- name: Save v4 rules
shell: iptables-save -c > {{ firewall_v4_saved_rules_path }}
when: v4_script|changed
3 changes: 0 additions & 3 deletions tasks/vars.yml
View file

This file was deleted.

5 changes: 0 additions & 5 deletions templates/restore.v4.j2
View file

This file was deleted.

10 changes: 0 additions & 10 deletions templates/save.v4.j2
View file

This file was deleted.

2 changes: 1 addition & 1 deletion tests.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
- hosts: all
sudo: true
become: true

roles:
- role: .
Expand Down
2 changes: 0 additions & 2 deletions vars/Debian.yml
View file

This file was deleted.

2 changes: 0 additions & 2 deletions vars/RedHat.yml
View file

This file was deleted.

0 comments on commit 96d7c7a

Please sign in to comment.