evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 32 Wiki Activity

squid: minifirewall main file is configurable

Browse source
This commit is contained in:
Jérémy Lecour 2018-12-04 14:24:38 +01:00 committed by Jérémy Lecour
parent c3e4a78442
commit c96e8130ff
2 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
squid/defaults/main.yml
View file

@ -6,3 +6,5 @@ squid_address: "{{ ansible_default_ipv4.address }}"
squid_whitelist_items: []
squid_localproxy_enable: False
minifirewall_main_file: /etc/default/minifirewall

10
squid/tasks/minifirewall.yml
View file

@ -1,28 +1,28 @@
---
- name: Check if Minifirewall is present
stat:
path: /etc/default/minifirewall
path: "{{ minifirewall_main_file }}"
check_mode: no
register: minifirewall_test
- block:
- name: HTTPSITES list is commented in minifirewall
replace:
dest: /etc/default/minifirewall
dest: "{{ minifirewall_main_file }}"
regexp: "^(HTTPSITES='[^0-9])"
replace: '#\1'
notify: restart minifirewall
- name: all HTTPSITES are authorized in minifirewall
lineinfile:
dest: /etc/default/minifirewall
dest: "{{ minifirewall_main_file }}"
line: "HTTPSITES='0.0.0.0/0'"
insertafter: "^#HTTPSITES="
notify: restart minifirewall
- name: add iptables rules for the proxy
lineinfile:
dest: /etc/default/minifirewall
dest: "{{ minifirewall_main_file }}"
regexp: "^#? *{{ item }}"
line: "{{ item }}"
insertafter: "^# Proxy"
@ -35,7 +35,7 @@
- name: remove minifirewall example rule for the proxy
lineinfile:
dest: /etc/default/minifirewall
dest: "{{ minifirewall_main_file }}"
regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)'
state: absent
notify: restart minifirewall