From 2eb57009aa6dbe80d9986714efaaf6f2c275b915 Mon Sep 17 00:00:00 2001
From: Andriy Novykov
Date: Tue, 25 Jun 2024 17:12:29 -0700
Subject: [PATCH] Separated oracle linux and ubuntu plays from each other for iptables.

---
 playbooks/roles/iptables/tasks/el.yml | 43 +++++++++++++++++++++
 playbooks/roles/iptables/tasks/main.yml | 46 ++--------------------
 playbooks/roles/iptables/tasks/ubuntu.yml | 0
 3 files changed, 47 insertions(+), 42 deletions(-)
 create mode 100644 playbooks/roles/iptables/tasks/el.yml
 create mode 100644 playbooks/roles/iptables/tasks/ubuntu.yml

diff --git a/playbooks/roles/iptables/tasks/el.yml b/playbooks/roles/iptables/tasks/el.yml
new file mode 100644
index 00000000..10e5a65f
--- /dev/null
+++ b/playbooks/roles/iptables/tasks/el.yml
@@ -0,0 +1,43 @@
+---
+- name: Install iptables services for persistence
+  vars:
+    package_name:
+      - iptables-services
+  include_role:
+    name: safe_yum
+
+- name: Start iptables services
+  ansible.builtin.service:
+    name: "iptables"
+    enabled: true
+    state: started
+
+- name: Setup iptables chains and rules for billing
+  become: true
+  block:
+    # Ansible 2.9 doesn't allow for chain management so we need to create the chain ourselves
+    - name: Create user-defined chain
+      shell: iptables -N USER_TRAFFIC
+      ignore_errors: true
+
+    - name: Insert USER_TRAFFIC chain to OUTPUT
+      ansible.builtin.iptables:
+        chain: OUTPUT
+        jump: USER_TRAFFIC
+        action: insert
+
+    - name: Append rule to USER_TRAFFIC chain
+      ansible.builtin.iptables:
+        table: filter
+        chain: USER_TRAFFIC
+        destination: 172.16.0.0/21
+        jump: RETURN
+        action: append
+
+    # Save the rules
+    - name: Save iptables rules
+      shell: iptables-save | tee /etc/sysconfig/iptables
+
+    - name: Save ip6tables rules
+      shell: ip6tables-save | tee /etc/sysconfig/ip6tables
+  when: billing | default(false) | bool
\ No newline at end of file
diff --git a/playbooks/roles/iptables/tasks/main.yml b/playbooks/roles/iptables/tasks/main.yml
index 10e5a65f..6bf951af 100644
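Review bot: `shell: iptables-save | tee /etc/sysconfig/iptables` near the end of the block (and the ip6tables twin after it) opens the persisted ruleset for writing before iptables-save has produced anything, so a dump that fails leaves an empty or truncated file that the `iptables` service loads on its next start, and without `changed_when` the task reports changed on every run. Dumping into a registered variable and writing the file with `ansible.builtin.copy` only on success keeps the last good ruleset intact on failure and is idempotent; the block already runs with `become: true`, so no extra privilege handling is needed. `ignore_errors: true` on `shell: iptables -N USER_TRAFFIC` likewise hides every failure of that command, not only the chain already existing; registering the result and narrowing it with a `failed_when` on the exit code plus the "already exists" message in stderr keeps real failures visible. The two `shell:` tasks are also the only ones in the file without the `ansible.builtin.` prefix the other modules use.
```yaml
    # Save the rules only after a successful dump, so a failed iptables-save
    # cannot truncate the persisted ruleset
    - name: Dump iptables rules
      ansible.builtin.command: iptables-save
      register: iptables_dump
      changed_when: false

    - name: Save iptables rules
      ansible.builtin.copy:
        content: "{{ iptables_dump.stdout }}\n"
        dest: /etc/sysconfig/iptables
        mode: "0600"

    # … unchanged: same dump-then-copy pattern for ip6tables-save / /etc/sysconfig/ip6tables …
```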
--- a/playbooks/roles/iptables/tasks/main.yml
+++ b/playbooks/roles/iptables/tasks/main.yml
@@ -1,43 +1,5 @@
----
-- name: Install iptables services for persistence
-  vars:
-    package_name:
-      - iptables-services
-  include_role:
-    name: safe_yum
+- include_tasks: el.yml
+  when: ansible_os_family == 'RedHat'
 
-- name: Start iptables services
-  ansible.builtin.service:
-    name: "iptables"
-    enabled: true
-    state: started
-
-- name: Setup iptables chains and rules for billing
-  become: true
-  block:
-    # Ansible 2.9 doesn't allow for chain management so we need to create the chain ourselves
-    - name: Create user-defined chain
-      shell: iptables -N USER_TRAFFIC
-      ignore_errors: true
-
-    - name: Insert USER_TRAFFIC chain to OUTPUT
-      ansible.builtin.iptables:
-        chain: OUTPUT
-        jump: USER_TRAFFIC
-        action: insert
-
-    - name: Append rule to USER_TRAFFIC chain
-      ansible.builtin.iptables:
-        table: filter
-        chain: USER_TRAFFIC
-        destination: 172.16.0.0/21
-        jump: RETURN
-        action: append
-
-    # Save the rules
-    - name: Save iptables rules
-      shell: iptables-save | tee /etc/sysconfig/iptables
-
-    - name: Save ip6tables rules
-      shell: ip6tables-save | tee /etc/sysconfig/ip6tables
-  when: billing | default(false) | bool
\ No newline at end of file
+- include_tasks: ubuntu.yml
+  when: ansible_distribution == 'Ubuntu'
\ No newline at end of file
diff --git a/playbooks/roles/iptables/tasks/ubuntu.yml b/playbooks/roles/iptables/tasks/ubuntu.yml
new file mode 100644
index 00000000..e69de29b
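Review bot: The new `- include_tasks: ubuntu.yml` at the bottom of the hunk points at a file this commit creates empty (its blob is e69de29b, 0 lines), so Ubuntu hosts leave the role with no iptables persistence and no billing chain while the play reports success; until the Ubuntu tasks exist, an `ansible.builtin.fail` in ubuntu.yml, or at least a comment there stating it is a placeholder, makes the gap visible. The two guards also use different facts (`ansible_os_family == 'RedHat'` versus `ansible_distribution == 'Ubuntu'`), so any other distribution matches neither branch silently; a final catch-all such as `- ansible.builtin.fail:` / `    msg: "iptables role has no tasks for {{ ansible_distribution }}"` / `  when: ansible_os_family != 'RedHat' and ansible_distribution != 'Ubuntu'` would fail loudly instead. The removed `---` document start was not carried into the new main.yml and both files end without a trailing newline; restoring `---` keeps yamllint's document-start check green.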