
Squid: restart minifirewall if needed

evolinux-users
Jérémy Lecour 4 years ago
committed by Jérémy Lecour
parent
commit
248f550a7f
  1. 3
      squid/handlers/main.yml
  2. 4
      squid/tasks/minifirewall.yml

3
squid/handlers/main.yml

@ -28,3 +28,6 @@
service:
name: log2mail
state: restarted
- name: restart minifirewall
command: /etc/init.d/minifirewall restart
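Review bot: The new `restart minifirewall` handler calls the init script through `command`, while the handler directly above it uses the `service` module, and nothing explains the difference. If this is deliberate, a one-line comment above the handler would record it, e.g. `# restarted through its init script on purpose, not via the service module`. Handler names are shared across the whole play, so if another role also defines `restart minifirewall` (not visible here), only one of the two definitions will run; that is worth confirming. The `log2mail` handler above starts outside the hunk.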

4
squid/tasks/minifirewall.yml

@ -11,12 +11,14 @@
dest: /etc/default/minifirewall
regexp: "^(HTTPSITES='[^0-9])"
replace: '#\1'
notify: restart minifirewall
- name: all HTTPSITES are authorized in minifirewall
lineinfile:
dest: /etc/default/minifirewall
line: "HTTPSITES='0.0.0.0/0'"
insertafter: "^#HTTPSITES="
notify: restart minifirewall
- name: add iptables rules for the proxy
lineinfile:
@ -29,10 +31,12 @@
- "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d {{ squid_address }} -j ACCEPT"
- "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j ACCEPT"
- "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8888"
notify: restart minifirewall
- name: remove minifirewall example rule for the proxy
lineinfile:
dest: /etc/default/minifirewall
regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)'
state: absent
notify: restart minifirewall
when: minifirewall_test.stat.exists
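Review bot: The four added `notify: restart minifirewall` lines only take effect when handlers run, so a play that fails after one of these `lineinfile` edits leaves `/etc/default/minifirewall` changed on disk while the running ruleset is still the old one. The next run then reports no change and never notifies. Because these edits set `HTTPSITES='0.0.0.0/0'` and add the nat REDIRECT to port 8888, the file and the live firewall should not drift apart silently; consider ending the task file with `- meta: flush_handlers`, or document that a failed run must be replayed with `--force-handlers`. Only the last task visibly carries `when: minifirewall_test.stat.exists`; whether the earlier tasks are guarded the same way cannot be told from these hunks, which start mid-task.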