minifirewall: restart if needed

Jérémy Lecour 2017-01-09 16:38:21 +01:00 committed by Jérémy Lecour
parent 4bbfd32a87
commit 8cc7a032c2


@ -1,5 +1,11 @@
---
- name: Check if minifirewall is running
command: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$
changed_when: False
failed_when: False
register: minifirewall_is_running
- name: Begin marker for IP addresses
lineinfile:
dest: /etc/default/minifirewall
@ -25,7 +31,7 @@
INTLAN='{{ minifirewall_intlan }}'
TRUSTEDIPS='{{ minifirewall_trusted_ips | join(' ') }}'
PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
register: minifirewall_config_ips
- name: Begin marker for ports
lineinfile:
@ -55,3 +61,10 @@
SERVICESUDP2='{{ minifirewall_semipublic_ports_udp | join(' ') }}'
SERVICESTCP3='{{ minifirewall_private_ports_tcp | join(' ') }}'
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
register: minifirewall_config_ports
- name: restart minifirewall
service:
name: minifirewall
state: restarted
when: minifirewall_is_running.rc == 0 and (minifirewall_config_ips | changed or minifirewall_config_ports | changed)
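Review bot: The check task in the first hunk runs a pipeline under `command:`, which does not go through a shell, so `| grep -E …` reaches iptables as literal arguments instead of filtering its output. Because `failed_when: False` hides the resulting non-zero exit, the `minifirewall_is_running.rc == 0` guard on the restart task in the last hunk would presumably never be true, and changes to the trusted IPs and ports would be written to /etc/default/minifirewall while the loaded ruleset stays stale. Switch the task to `shell: /sbin/iptables -L -n | grep -E "…"` and close the double quote after `\s*$`, which is missing as the line is rendered on this page. In check mode the probe is skipped and `.rc` is likely undefined, so `check_mode: no` on this read-only task would keep the later `when` from erroring.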