---
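# Probe for the minifirewall configuration file. The registered result is
# what the later `when: minifirewall_test.stat.exists` condition reads.
- name: Check if Minifirewall is present
  ansible.builtin.stat:
    path: "/etc/default/minifirewall"
  # stat only reads, so it is also executed in check mode; otherwise
  # minifirewall_test would carry no `stat` result there.
  check_mode: false
  register: minifirewall_test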
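# Every task in this block edits /etc/default/minifirewall. The block is
# skipped when that file does not exist (block-level `when` at the end).
- block:
    # Comments out an active HTTPSITES assignment whose value does not
    # start with a digit.
    - name: HTTPSITES list is commented in minifirewall
      ansible.builtin.replace:
        path: "/etc/default/minifirewall"
        regexp: "^(HTTPSITES='[^0-9])"
        replace: '#\1'
      notify: restart minifirewall

    # NOTE(review): 0.0.0.0/0 allows outbound HTTP to any destination at
    # the firewall level. Presumably destination filtering is delegated to
    # the proxy that the rules below redirect port 80 to; confirm that the
    # proxy ACLs are in place before relying on this.
    - name: all HTTPSITES are authorized in minifirewall
      ansible.builtin.lineinfile:
        path: "/etc/default/minifirewall"
        line: "HTTPSITES='0.0.0.0/0'"
        # Unanchored on purpose or not, this pattern also matches a
        # commented-out "#HTTPSITES='...'" line.
        regexp: "HTTPSITES='.*'"
        insertafter: "^#HTTPSITES="
      notify: restart minifirewall

    # The PROXY variable means that minifirewall is "modern"
    # No shell feature (pipe, redirect, glob) is used, so the command
    # module is enough and avoids shell interpretation of the arguments.
    - name: Look for PROXY variable
      ansible.builtin.command:
        cmd: "grep -E '^\\s*PROXY=' /etc/default/minifirewall"
      # grep exits 0 on a match and 1 on no match; both are expected here.
      # Any other code (e.g. unreadable file) fails the task instead of
      # silently skipping both the legacy and the modern configuration.
      failed_when: _minifirewall_proxy_var_check.rc not in [0, 1]
      changed_when: false
      check_mode: false
      register: _minifirewall_proxy_var_check

    # NOTE(review): each item is written verbatim into the firewall
    # configuration file. squid_address is defined outside this file; it
    # should be a validated IP address or CIDR. Confirm at its definition.
    - name: Set proxy configuration for minifirewall (legacy mode)
      ansible.builtin.lineinfile:
        path: "/etc/default/minifirewall"
        # regex_escape makes the rule text match literally; unescaped, the
        # dots in the addresses would match any character.
        regexp: "^#? *{{ item | regex_escape }}"
        line: "{{ item }}"
        insertafter: "^# Proxy"
      loop:
        - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT"
        - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d {{ squid_address }} -j ACCEPT"
        - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j ACCEPT"
        - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8888"
      notify: restart minifirewall
      # rc == 1: grep found no PROXY= line, i.e. the legacy file format.
      when: _minifirewall_proxy_var_check.rc == 1

    # Drops the commented example NAT rule that uses the X.X.X.X
    # placeholder address.
    - name: remove minifirewall example rule for the proxy (legacy mode)
      ansible.builtin.lineinfile:
        path: "/etc/default/minifirewall"
        regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)'
        state: absent
      notify: restart minifirewall
      when: _minifirewall_proxy_var_check.rc == 1

    # rc == 0: a PROXY= line exists, so only the variable is switched on.
    - name: Set proxy configuration for minifirewall (modern mode)
      ansible.builtin.replace:
        path: "/etc/default/minifirewall"
        replace: "PROXY='on'"
        regexp: "PROXY='.*'"
      notify: restart minifirewall
      when: _minifirewall_proxy_var_check.rc == 0
  when: minifirewall_test.stat.exists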