Squid: restart minifirewall if needed
parent
c430fa3485
commit
248f550a7f
|
@ -28,3 +28,6 @@
|
||||||
service:
|
service:
|
||||||
name: log2mail
|
name: log2mail
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
- name: restart minifirewall
|
||||||
|
command: /etc/init.d/minifirewall restart
|
||||||
|
|
|
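Review bot: The new `restart minifirewall` handler judges success only by the exit status of `/etc/init.d/minifirewall restart`; whether that script returns non-zero when a rule fails to load is not visible here, so a partially applied ruleset could pass unnoticed. Because this handler now fires after automated edits to `/etc/default/minifirewall`, I would capture the result with `register: minifirewall_restart` and add a `failed_when:` on the return code or expected output. A one-line comment explaining why this handler uses `command:` while the log2mail handler just above uses `service:` would also help the next maintainer.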
@ -11,12 +11,14 @@
|
||||||
dest: /etc/default/minifirewall
|
dest: /etc/default/minifirewall
|
||||||
regexp: "^(HTTPSITES='[^0-9])"
|
regexp: "^(HTTPSITES='[^0-9])"
|
||||||
replace: '#\1'
|
replace: '#\1'
|
||||||
|
notify: restart minifirewall
|
||||||
|
|
||||||
- name: all HTTPSITES are authorized in minifirewall
|
- name: all HTTPSITES are authorized in minifirewall
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/default/minifirewall
|
dest: /etc/default/minifirewall
|
||||||
line: "HTTPSITES='0.0.0.0/0'"
|
line: "HTTPSITES='0.0.0.0/0'"
|
||||||
insertafter: "^#HTTPSITES="
|
insertafter: "^#HTTPSITES="
|
||||||
|
notify: restart minifirewall
|
||||||
|
|
||||||
- name: add iptables rules for the proxy
|
- name: add iptables rules for the proxy
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -29,10 +31,12 @@
|
||||||
- "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d {{ squid_address }} -j ACCEPT"
|
- "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d {{ squid_address }} -j ACCEPT"
|
||||||
- "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j ACCEPT"
|
- "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j ACCEPT"
|
||||||
- "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8888"
|
- "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8888"
|
||||||
|
notify: restart minifirewall
|
||||||
|
|
||||||
- name: remove minifirewall example rule for the proxy
|
- name: remove minifirewall example rule for the proxy
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/default/minifirewall
|
dest: /etc/default/minifirewall
|
||||||
regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)'
|
regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)'
|
||||||
state: absent
|
state: absent
|
||||||
|
notify: restart minifirewall
|
||||||
when: minifirewall_test.stat.exists
|
when: minifirewall_test.stat.exists
|
||||||
|
|
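Review bot: The four added `notify: restart minifirewall` lines defer the restart to the end of the play, so if a later task fails, `/etc/default/minifirewall` is already edited but the running ruleset is not, and a re-run will report these tasks as unchanged and never notify again. Adding `- meta: flush_handlers` right after the last of these tasks would keep the file and the live rules in step. Only the last task shows `when: minifirewall_test.stat.exists` in these hunks; the first and third tasks begin outside the visible lines, so I cannot confirm they carry the same guard. The restart also puts `HTTPSITES='0.0.0.0/0'` into effect automatically, so a short comment on that task stating that outbound HTTP filtering is (presumably) delegated to Squid would make the intent auditable.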