--- - name: Check if Minifirewall is present ansible.builtin.stat: path: "/etc/default/minifirewall" check_mode: no register: minifirewall_test - block: - name: HTTPSITES list is commented in minifirewall ansible.builtin.replace: dest: "/etc/default/minifirewall" regexp: "^(HTTPSITES='[^0-9])" replace: '#\1' notify: restart minifirewall - name: all HTTPSITES are authorized in minifirewall ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" line: "HTTPSITES='0.0.0.0/0'" regexp: "HTTPSITES='.*'" insertafter: "^#HTTPSITES=" notify: restart minifirewall # The PROXY variable means that minifirewall is "modern" - name: Look for PROXY variable ansible.builtin.shell: cmd: "grep -E '^\\s*PROXY=' /etc/default/minifirewall" failed_when: False changed_when: False check_mode: False register: _minifirewall_proxy_var_check - name: Set proxy configuration for minifirewall (legacy mode) ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" regexp: "^#? *{{ item }}" line: "{{ item }}" insertafter: "^# Proxy" loop: - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT" - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d {{ squid_address }} -j ACCEPT" - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j ACCEPT" - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8888" notify: restart minifirewall when: _minifirewall_proxy_var_check.rc == 1 - name: remove minifirewall example rule for the proxy (legacy mode) ansible.builtin.lineinfile: dest: "/etc/default/minifirewall" regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)' state: absent notify: restart minifirewall when: _minifirewall_proxy_var_check.rc == 1 - name: Set proxy configuration for minifirewall (modern mode) ansible.builtin.replace: dest: "/etc/default/minifirewall" replace: "PROXY='on'" regexp: "PROXY='.*'" notify: restart minifirewall when: _minifirewall_proxy_var_check.rc == 0 when: minifirewall_test.stat.exists