Minifirewall can deal with evomaintenance
Each role has to know how to deal with the other. Otherwise, depending on the order of execution, the firewall might not allow connections for evomaintenance.
parent
98c5619721
commit
97b0225232
|
@ -19,3 +19,5 @@ minifirewall_private_ports_tcp: [5666]
|
|||
minifirewall_private_ports_udp: []
|
||||
|
||||
minifirewall_autostart: "no"
|
||||
|
||||
evomaintenance_hosts: []
|
||||
|
|
|
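Review bot: The new default `evomaintenance_hosts: []` has no comment saying what its entries must be, and the task added in this commit places each entry directly after `-s` in an iptables rule, so only plain source addresses are valid. A comment above the variable such as `# Source addresses of the evomaintenance hosts; each entry gets an ACCEPT rule for return traffic from tcp/5432` would make that explicit. If the evomaintenance role declares a default under the same name, say so here as well so the two definitions do not drift apart.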
@ -94,6 +94,20 @@
|
|||
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
|
||||
register: minifirewall_config_ports
|
||||
|
||||
- name: evomaintenance
|
||||
lineinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
||||
insertafter: "^# EvoMaintenance"
|
||||
with_items: "{{ evomaintenance_hosts }}"
|
||||
|
||||
- name: remove minifirewall example rule for the evomaintenance
|
||||
lineinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
||||
state: absent
|
||||
when: evomaintenance_hosts != []
|
||||
|
||||
- name: restart minifirewall
|
||||
# service:
|
||||
# name: minifirewall
|
||||
|
|
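Review bot: A host that is later removed from `evomaintenance_hosts` keeps its ACCEPT rule in /etc/default/minifirewall, because the `evomaintenance` task uses `lineinfile` with only `line`, which adds lines and never deletes them. Rendering the rules as one managed block (for example with `blockinfile`), or adding a cleanup task, would keep the file in step with the list. `{{ item }}` is also written unvalidated into a file that, judging by the `SERVICESUDP3=` assignment above, appears to be shell read as root, so each entry should be checked first, e.g. a looped `assert` with `that: item | ipaddr` if that filter is available in this project. Neither new task registers a result or notifies a handler, unlike the preceding task with `register: minifirewall_config_ports`, so a change to these rules alone may not reload the firewall. The `restart minifirewall` task continues past the end of the hunk, so its condition is not visible here.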