---
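# Render the minifirewall "tail" rules file. The search list under `vars`
# is resolved by first_found, so only the first template that exists is used:
# host-specific, then group-specific, then the two default locations.
# NOTE(review): no owner/group/mode is set, so the permissions of a newly
# created file depend on the remote umask. This file carries firewall rules;
# consider pinning them explicitly (confirm intended values with the role).
# NOTE(review): minifirewall_tail_file is interpolated into the destination
# path as-is; presumably a plain file name. Verify it cannot contain "/" or
# "..", otherwise the file would be written outside /etc/minifirewall.d/.
- name: Add some rules at the end of minifirewall file
  template:
    src: "{{ item }}"
    dest: "/etc/minifirewall.d/{{ minifirewall_tail_file }}"
    # When this evaluates to false, an existing destination is left untouched.
    force: "{{ minifirewall_tail_force | bool }}"
    # If dest is a symlink, the link target is what gets written.
    follow: true
  loop: "{{ query('first_found', templates) }}"
  vars:
    templates:
      - "templates/minifirewall-tail/minifirewall.{{ inventory_hostname }}.tail.j2"
      - "templates/minifirewall-tail/minifirewall.{{ host_group | default('all') }}.tail.j2"
      - "templates/minifirewall-tail/minifirewall.default.tail.j2"
      - "templates/minifirewall.default.tail.j2"
  # Consumed by the restart task's `when` condition (is changed).
  register: minifirewall_tail_template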
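# Dump the registered template result; only shown when Ansible runs with
# verbosity 1 (-v) or higher.
- name: Show the result of the minifirewall tail template task
  debug:
    var: minifirewall_tail_template
    verbosity: 1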
# Reload the firewall through its init script, but only when the tail file
# was modified in this run and restarts are enabled for the host.
# Success is judged solely by a marker string in the script's stdout: the
# task fails when the marker is absent and reports "changed" when present.
# The conditions below do not look at the command's return code.
# NOTE(review): a wording change in the init script's message would make
# every restart report as failed. Keep the marker in sync with the script.
- name: restart minifirewall
  when:
    - minifirewall_tail_template is changed
    - minifirewall_restart_if_needed | bool
  # Alternative kept for reference (disabled): the service module.
  # service:
  #   name: minifirewall
  #   state: restarted
  command: /etc/init.d/minifirewall restart
  register: minifirewall_init_restart
  changed_when: >-
    'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout
  failed_when: >-
    'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout
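# Placeholder used when restarts are disabled (minifirewall_restart_if_needed
# is false): it does nothing and is declared never failed, never changed.
# NOTE(review): confirm that register/failed_when/changed_when are honoured
# on a `meta` task in the Ansible versions in use. If they are, check that a
# skipped run of this task does not overwrite the result registered by the
# real restart task under the same variable name.
- name: restart minifirewall (noop)
  meta: noop
  register: minifirewall_init_restart
  failed_when: false
  changed_when: false
  when: not (minifirewall_restart_if_needed | bool)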
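# Dump the registered restart result; only shown when Ansible runs with
# verbosity 1 (-v) or higher.
- name: Show the result of the minifirewall restart task
  debug:
    var: minifirewall_init_restart
    verbosity: 1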