From c96e8130ff1cd044c17d1b143def793822b27730 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 4 Dec 2018 14:24:38 +0100 Subject: [PATCH] squid: minifirewall main file is configurable --- squid/defaults/main.yml | 2 ++ squid/tasks/minifirewall.yml | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/squid/defaults/main.yml b/squid/defaults/main.yml index 1a6db438..2188d606 100644 --- a/squid/defaults/main.yml +++ b/squid/defaults/main.yml @@ -6,3 +6,5 @@ squid_address: "{{ ansible_default_ipv4.address }}" squid_whitelist_items: [] squid_localproxy_enable: False + +minifirewall_main_file: /etc/default/minifirewall diff --git a/squid/tasks/minifirewall.yml b/squid/tasks/minifirewall.yml index 5eea7675..8d018142 100644 --- a/squid/tasks/minifirewall.yml +++ b/squid/tasks/minifirewall.yml @@ -1,28 +1,28 @@ --- - name: Check if Minifirewall is present stat: - path: /etc/default/minifirewall + path: "{{ minifirewall_main_file }}" check_mode: no register: minifirewall_test - block: - name: HTTPSITES list is commented in minifirewall replace: - dest: /etc/default/minifirewall + dest: "{{ minifirewall_main_file }}" regexp: "^(HTTPSITES='[^0-9])" replace: '#\1' notify: restart minifirewall - name: all HTTPSITES are authorized in minifirewall lineinfile: - dest: /etc/default/minifirewall + dest: "{{ minifirewall_main_file }}" line: "HTTPSITES='0.0.0.0/0'" insertafter: "^#HTTPSITES=" notify: restart minifirewall - name: add iptables rules for the proxy lineinfile: - dest: /etc/default/minifirewall + dest: "{{ minifirewall_main_file }}" regexp: "^#? *{{ item }}" line: "{{ item }}" insertafter: "^# Proxy" @@ -35,7 +35,7 @@ - name: remove minifirewall example rule for the proxy lineinfile: - dest: /etc/default/minifirewall + dest: "{{ minifirewall_main_file }}" regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)' state: absent notify: restart minifirewall
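Review bot: The new default `minifirewall_main_file` in `squid/defaults/main.yml` is added without a comment and without the `squid_` prefix used by every other variable visible in this hunk, so a reader cannot tell whether the name is meant to be shared with other roles. If it is meant to be shared (this looks intentional, but nothing in the diff confirms it), say so above the line, for example `# Path of the minifirewall configuration edited by this role; must match the file minifirewall actually loads.` The tasks in `squid/tasks/minifirewall.yml` write firewall rules to this path, so an override pointing elsewhere would leave the proxy rules out of the configuration the firewall reads.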
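Review bot: The `stat` task "Check if Minifirewall is present" now tests a caller-supplied path, and the condition that consumes `minifirewall_test` is outside these hunks. If that condition only checks `stat.exists`, a mistyped override makes the whole block skip without any message, and the proxy rules are never written. A `fail` or `debug` task for that case, or a check on `minifirewall_test.stat.isreg`, would surface it. Separately, the four edited `replace`/`lineinfile` tasks (three in the `@@ -1,28 +1,28 @@` hunk, one in `@@ -35,7 +35,7 @@`) still use the `dest:` alias while the `stat` task uses `path:`. Since these lines are being touched anyway, `path: "{{ minifirewall_main_file }}"` would make the file consistent.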