From b1ccd5cd8ae60ea30df3f96dbd6bff7c016dd193 Mon Sep 17 00:00:00 2001
From: Alexis Ben Miloud--Josselin
Date: Wed, 13 Dec 2023 12:21:37 +0100
Subject: [PATCH] kvm-host: Add firewall rule for DRBD
---
 kvm-host/defaults/main.yml | 4 +++-
 kvm-host/tasks/firewall.yml | 9 +++++++++
 kvm-host/tasks/main.yml | 2 ++
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 kvm-host/tasks/firewall.yml
diff --git a/kvm-host/defaults/main.yml b/kvm-host/defaults/main.yml
index 574c249f..807aac57 100644
--- a/kvm-host/defaults/main.yml
+++ b/kvm-host/defaults/main.yml
@@ -3,4 +3,6 @@ kvm_custom_libvirt_images_path: ''
 kvm_install_drbd: True
 kvm_scripts_dir: /usr/local/sbin
-kvm_pair: null
\ No newline at end of file
+kvm_pair: null
+
+kvm_drbd_interface: null
diff --git a/kvm-host/tasks/firewall.yml b/kvm-host/tasks/firewall.yml
new file mode 100644
index 00000000..328d045c
--- /dev/null
+++ b/kvm-host/tasks/firewall.yml
@@ -0,0 +1,9 @@
+---
+- name: Allow all traffic through DRBD interface
+ ansible.builtin.lineinfile:
+ path: /etc/minifirewall.d/drbd
+ line: "/sbin/iptables -I INPUT -p tcp -i {{ kvm_drbd_interface }} -j ACCEPT"
+ create: yes
+ when:
+ - kvm_drbd_interface is defined
+ - kvm_drbd_interface | length > 0
diff --git a/kvm-host/tasks/main.yml b/kvm-host/tasks/main.yml
index c6004b7b..ee45816e 100644
--- a/kvm-host/tasks/main.yml
+++ b/kvm-host/tasks/main.yml
@@ -14,3 +14,5 @@
 - ansible.builtin.include: images.yml
 - ansible.builtin.include: tools.yml
+
+- ansible.builtin.include: firewall.yml
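Review bot: The `null` default for `kvm_drbd_interface` does not make the new firewall task skip: a variable set to null is still defined, so the first condition in kvm-host/tasks/firewall.yml passes and the second, `kvm_drbd_interface | length > 0`, applies `length` to a null value, which as far as I can tell fails with a templating type error instead of evaluating to false. Since tasks/main.yml includes firewall.yml unconditionally, every host that leaves the variable unset would hit this. Either default to an empty string here, `kvm_drbd_interface: ''`, or make the guard null-safe with `kvm_drbd_interface | default('', true) | length > 0`. A one-line comment above the default saying that it names the network interface carrying DRBD replication, and that leaving it empty disables the rule, would also help.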
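Review bot: The rule written to /etc/minifirewall.d/drbd accepts every TCP connection arriving on `{{ kvm_drbd_interface }}` and is inserted at the top of INPUT, which is broader than the DRBD replication traffic named in the commit subject (the task name says "all traffic" while only `-p tcp` is matched). Unless that interface is a dedicated replication link, every TCP service on the host is exposed to that segment; restricting the line with `-s <peer address> --dport <DRBD port range>` from role variables, or stating the dedicated-link assumption in a comment, would keep it to least privilege. The task also has no `regexp`, so a later change of interface appends a second line and leaves the old ACCEPT in place, and the file is created without an explicit owner or mode; the fence below shows those additions. Nothing in the hunk notifies a minifirewall restart, so whether the rule is applied before the next reload cannot be seen from here.

```yaml
  ansible.builtin.lineinfile:
    path: /etc/minifirewall.d/drbd
    # replace the existing rule when the interface changes instead of appending
    regexp: '^/sbin/iptables -I INPUT -p tcp -i \S+ -j ACCEPT$'
    # … unchanged: line …
    create: true
    owner: root
    group: root
    mode: "0600"  # assumes minifirewall reads this file as root; confirm
  # … unchanged: when conditions …
```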
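Review bot: The new line uses `ansible.builtin.include`, which is deprecated in favour of `ansible.builtin.include_tasks` / `ansible.builtin.import_tasks`; it matches the neighbouring includes, so this is a style point rather than a defect, but the new line could already be written as `- ansible.builtin.include_tasks: firewall.yml`. The include is unconditional, so the only gate on the firewall change is the `when` inside firewall.yml. The rest of the task list lies outside the hunk.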