forked from evolix/ansible-roles
squid: minifirewall main file is configurable
This commit is contained in:
parent
c3e4a78442
commit
c96e8130ff
|
@ -6,3 +6,5 @@ squid_address: "{{ ansible_default_ipv4.address }}"
|
|||
squid_whitelist_items: []
|
||||
|
||||
squid_localproxy_enable: False
|
||||
|
||||
minifirewall_main_file: /etc/default/minifirewall
|
||||
|
|
|
@ -1,28 +1,28 @@
|
|||
---
|
||||
- name: Check if Minifirewall is present
|
||||
stat:
|
||||
path: /etc/default/minifirewall
|
||||
path: "{{ minifirewall_main_file }}"
|
||||
check_mode: no
|
||||
register: minifirewall_test
|
||||
|
||||
- block:
|
||||
- name: HTTPSITES list is commented in minifirewall
|
||||
replace:
|
||||
dest: /etc/default/minifirewall
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
regexp: "^(HTTPSITES='[^0-9])"
|
||||
replace: '#\1'
|
||||
notify: restart minifirewall
|
||||
|
||||
- name: all HTTPSITES are authorized in minifirewall
|
||||
lineinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
line: "HTTPSITES='0.0.0.0/0'"
|
||||
insertafter: "^#HTTPSITES="
|
||||
notify: restart minifirewall
|
||||
|
||||
- name: add iptables rules for the proxy
|
||||
lineinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
regexp: "^#? *{{ item }}"
|
||||
line: "{{ item }}"
|
||||
insertafter: "^# Proxy"
|
||||
|
@ -35,7 +35,7 @@
|
|||
|
||||
- name: remove minifirewall example rule for the proxy
|
||||
lineinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)'
|
||||
state: absent
|
||||
notify: restart minifirewall
|
||||
|
|
Loading…
Reference in a new issue