minifirewall: restart if needed
parent
4bbfd32a87
commit
8cc7a032c2
|
@ -1,5 +1,11 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- name: Check if minifirewall is running
|
||||||
|
command: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$
|
||||||
|
changed_when: False
|
||||||
|
failed_when: False
|
||||||
|
register: minifirewall_is_running
|
||||||
|
|
||||||
- name: Begin marker for IP addresses
|
- name: Begin marker for IP addresses
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: /etc/default/minifirewall
|
dest: /etc/default/minifirewall
|
||||||
|
@ -25,7 +31,7 @@
|
||||||
INTLAN='{{ minifirewall_intlan }}'
|
INTLAN='{{ minifirewall_intlan }}'
|
||||||
TRUSTEDIPS='{{ minifirewall_trusted_ips | join(' ') }}'
|
TRUSTEDIPS='{{ minifirewall_trusted_ips | join(' ') }}'
|
||||||
PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
|
PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
|
||||||
|
register: minifirewall_config_ips
|
||||||
|
|
||||||
- name: Begin marker for ports
|
- name: Begin marker for ports
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -55,3 +61,10 @@
|
||||||
SERVICESUDP2='{{ minifirewall_semipublic_ports_udp | join(' ') }}'
|
SERVICESUDP2='{{ minifirewall_semipublic_ports_udp | join(' ') }}'
|
||||||
SERVICESTCP3='{{ minifirewall_private_ports_tcp | join(' ') }}'
|
SERVICESTCP3='{{ minifirewall_private_ports_tcp | join(' ') }}'
|
||||||
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
|
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
|
||||||
|
register: minifirewall_config_ports
|
||||||
|
|
||||||
|
- name: restart minifirewall
|
||||||
|
service:
|
||||||
|
name: minifirewall
|
||||||
|
state: restarted
|
||||||
|
when: minifirewall_is_running.rc == 0 and (minifirewall_config_ips | changed or minifirewall_config_ports | changed)
|
||||||
|
|
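Review bot: The `Check if minifirewall is running` task uses `command:`, which does not pass its argument through a shell, so `| grep -E …` reaches iptables as literal arguments instead of forming a pipeline. iptables would then exit non-zero, `failed_when: False` hides that, and the `minifirewall_is_running.rc == 0` guard on `restart minifirewall` never holds, so edits to the trusted IPs or port lists land in `/etc/default/minifirewall` while the old ruleset stays loaded. Switching the task to `shell: /sbin/iptables -L -n | grep -E "…"` makes `rc` reflect whether grep matched. The pattern's closing double quote is not visible on this page; if it is missing in the file rather than lost in rendering, it needs to be added. On newer Ansible releases the `| changed` filter form in the `when:` would have to be written as `is changed`.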