evomaintenance: check if minifirewall is installed
This commit is contained in:
parent
66eee11cf7
commit
5e949d74fd
|
@ -23,15 +23,22 @@
|
||||||
- include: trap.yml home={{ item }}
|
- include: trap.yml home={{ item }}
|
||||||
with_items: "{{ home_of_shell_users.stdout_lines }}"
|
with_items: "{{ home_of_shell_users.stdout_lines }}"
|
||||||
|
|
||||||
|
- name: Is minifirewall installed?
|
||||||
|
stat:
|
||||||
|
path: /etc/default/minifirewall
|
||||||
|
register: minifirewall_default_file
|
||||||
|
|
||||||
- name: minifirewall section for evomaintenance
|
- name: minifirewall section for evomaintenance
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/default/minifirewall
|
dest: /etc/default/minifirewall
|
||||||
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
||||||
insertafter: "^# EvoMaintenance"
|
insertafter: "^# EvoMaintenance"
|
||||||
with_items: "{{ evomaintenance_hosts }}"
|
with_items: "{{ evomaintenance_hosts }}"
|
||||||
|
when: minifirewall_default_file.stat.exists
|
||||||
|
|
||||||
- name: remove minifirewall example rule for the proxy
|
- name: remove minifirewall example rule for the proxy
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/default/minifirewall
|
dest: /etc/default/minifirewall
|
||||||
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
||||||
state: absent
|
state: absent
|
||||||
|
when: minifirewall_default_file.stat.exists
|
||||||
|
|
Loading…
Reference in a new issue