Minifirewall can deal with evomaintenance

Each role has to know how to deal with the other.
Otherwise, depending on order of execution, the firewall might not
allow connections for evomaintenance
evolinux-users
Jérémy Lecour 4 years ago
parent
commit
97b0225232
  1. minifirewall/defaults/main.yml (2)
  2. minifirewall/tasks/config.yml (14)

2
minifirewall/defaults/main.yml

@ -19,3 +19,5 @@ minifirewall_private_ports_tcp: [5666]
minifirewall_private_ports_udp: []
minifirewall_autostart: "no"
evomaintenance_hosts: []
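
Review bot: `evomaintenance_hosts` is the only default in this file without the `minifirewall_` prefix, and nothing at the added line says that it is shared with the evomaintenance role. A short comment above it would help: state that it is meant to be the same list the evomaintenance role uses, and that each entry must be a bare IP address or CIDR, since the value ends up after `-s` in an iptables rule in `minifirewall/tasks/config.yml`. Without that, a reader can easily set it in one role's scope only and get the order-of-execution problem the commit message describes.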

14
minifirewall/tasks/config.yml

@ -94,6 +94,20 @@
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
register: minifirewall_config_ports
- name: evomaintenance
lineinfile:
dest: /etc/default/minifirewall
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
insertafter: "^# EvoMaintenance"
with_items: "{{ evomaintenance_hosts }}"
- name: remove minifirewall example rule for the evomaintenance
lineinfile:
dest: /etc/default/minifirewall
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
state: absent
when: evomaintenance_hosts != []
- name: restart minifirewall
# service:
# name: minifirewall
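
Review bot: In the `evomaintenance` task, `{{ item }}` is written unchecked into `/etc/default/minifirewall` as part of the `/sbin/iptables -A INPUT ... -s {{ item }} ... -j ACCEPT` line, so a malformed entry in `evomaintenance_hosts` (a hostname, an empty string, stray whitespace or shell metacharacters) lands verbatim in a file of firewall commands. Validate the entries before this task, for example with the `ipaddr` filter or an `assert` task that fails the play on anything that is not an address or CIDR. Separately, the task uses `line:` with no `regexp:` and there is no matching cleanup, so a host later removed from the list keeps its ACCEPT rule in the file. A `blockinfile` managed block, or a task that removes `--sport 5432` lines whose source is no longer in the list, would avoid stale allow rules. Neither new task registers a result the way the `minifirewall_config_ports` task above does, so check that the restart logic still picks up these changes.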
