home-ansible/roles/firewall/tasks/main.yml
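---
# Host firewall for the home network: an allow-list on INPUT with a default
# DROP policy, persisted via iptables-persistent.
#
# Ordering matters for safety: every ACCEPT rule is appended before the DROP
# policies are applied at the end of the file, so a first run over SSH cannot
# lock the operator out part-way through the play.
#
# NOTE(review): ansible.builtin.iptables defaults to ip_version ipv4, so this
# role only touches the IPv4 tables; ip6tables keeps its default ACCEPT
# policy. Confirm IPv6 is disabled on the target hosts or add matching
# ip_version: ipv6 rules, otherwise the filter is bypassable over IPv6.
#
# Optional hardening: define firewall_trusted_source (a CIDR such as
# "192.168.1.0/24") to restrict SSH, the admin UI and DNS to the LAN. When it
# is undefined the `source` argument is omitted and the rules match any
# source, which is the original behaviour of this role.
#
# The "Persist iptables" handler is expected to live in the role's handlers
# (not part of this file).
- name: Install iptables packages
  ansible.builtin.apt:
    name: iptables-persistent
    state: present

- name: Allow all loopback traffic
  ansible.builtin.iptables:
    chain: INPUT
    in_interface: lo
    jump: ACCEPT
  notify: Persist iptables

# All ICMP types are accepted, not only echo-request.
- name: Allow port ping traffic
  ansible.builtin.iptables:
    chain: INPUT
    protocol: icmp
    jump: ACCEPT
  notify: Persist iptables

# Declared once; the previous duplicate of this task (without notify and with
# a different module spelling) was redundant because the module checks for an
# existing identical rule before inserting.
- name: Allow related and established connections
  ansible.builtin.iptables:
    chain: INPUT
    ctstate: ESTABLISHED,RELATED
    jump: ACCEPT
  notify: Persist iptables

- name: Allow SSH
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    destination_port: "22"
    source: "{{ firewall_trusted_source | default(omit) }}"
    jump: ACCEPT
  notify: Persist iptables

# Public web port; intentionally not restricted by firewall_trusted_source.
- name: Allow web
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    destination_port: "80"
    jump: ACCEPT
  notify: Persist iptables

# Admin interface of the nginx proxy: an administrative surface, so it is the
# first candidate for the optional source restriction.
- name: Allow admin web (nginx proxy)
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    destination_port: "81"
    source: "{{ firewall_trusted_source | default(omit) }}"
    jump: ACCEPT
  notify: Persist iptables

# DNS on both transports. Left open to any source unless
# firewall_trusted_source is set; a resolver reachable from outside the LAN
# can be abused as an open resolver / amplification source.
- name: Allow dns
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    destination_port: "53"
    source: "{{ firewall_trusted_source | default(omit) }}"
    jump: ACCEPT
  notify: Persist iptables

- name: Allow dns (udp)
  ansible.builtin.iptables:
    chain: INPUT
    protocol: udp
    destination_port: "53"
    source: "{{ firewall_trusted_source | default(omit) }}"
    jump: ACCEPT
  notify: Persist iptables

# Default policies come last (see header comment). Anything not matched by an
# ACCEPT rule above is dropped; the host is not a router, so FORWARD is
# dropped too; outbound traffic is unrestricted.
- name: Set the policy for the INPUT chain to DROP
  ansible.builtin.iptables:
    chain: INPUT
    policy: DROP
  notify: Persist iptables

- name: Set the policy for the FORWARD chain to DROP
  ansible.builtin.iptables:
    chain: FORWARD
    policy: DROP
  notify: Persist iptables

- name: Set the policy for the OUTPUT chain to ACCEPT
  ansible.builtin.iptables:
    chain: OUTPUT
    policy: ACCEPT
  notify: Persist iptables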