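---
# Adapt /etc/default/minifirewall so that HTTP traffic is allowed and
# redirected through the local Squid proxy.  Every edit is wrapped in a
# block guarded by the stat below, so nothing is touched when minifirewall
# is not installed.
- name: Check if Minifirewall is present
  stat:
    path: "/etc/default/minifirewall"
  # Runs in check mode as well: the block's 'when' reads the registered result.
  check_mode: false
  register: minifirewall_test

- block:
    - name: HTTPSITES list is commented in minifirewall
      replace:
        path: "/etc/default/minifirewall"
        # Only comment out a list whose first character is not a digit, i.e. one
        # that does not already start with an address.
        regexp: "^(HTTPSITES='[^0-9])"
        replace: '#\1'
      notify: restart minifirewall

    - name: all HTTPSITES are authorized in minifirewall
      lineinfile:
        path: "/etc/default/minifirewall"
        line: "HTTPSITES='0.0.0.0/0'"
        # NOTE(review): this regexp is unanchored, so a "#HTTPSITES=..." line
        # commented out by the previous task also matches and is replaced in
        # place rather than kept as a comment — confirm this is the intent.
        regexp: "HTTPSITES='.*'"
        insertafter: "^#HTTPSITES="
      notify: restart minifirewall

    # The PROXY variable means that minifirewall is "modern"
    - name: Look for PROXY variable
      # No shell features (pipes, globs, redirections) are used, so 'command'
      # is sufficient and avoids spawning a shell.
      command: "grep -E '^\\s*PROXY=' /etc/default/minifirewall"
      # grep returns 1 when nothing matches; that is an answer, not a failure.
      failed_when: false
      changed_when: false
      # Must run in check mode too, since the tasks below branch on .rc
      check_mode: false
      register: _minifirewall_proxy_var_check

    - name: Set proxy configuration for minifirewall (legacy mode)
      lineinfile:
        path: "/etc/default/minifirewall"
        # The rule text is a literal, not a pattern: escape it so the dots in
        # addresses (and anything in squid_address) cannot match arbitrary
        # characters.
        regexp: "^#? *{{ item | regex_escape() }}"
        line: "{{ item }}"
        insertafter: "^# Proxy"
      loop:
        - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT"
        - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d {{ squid_address }} -j ACCEPT"
        - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j ACCEPT"
        - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8888"
      notify: restart minifirewall
      # rc == 1: grep found no PROXY= line, so this is a legacy config file.
      when: _minifirewall_proxy_var_check.rc == 1

    - name: remove minifirewall example rule for the proxy (legacy mode)
      lineinfile:
        path: "/etc/default/minifirewall"
        # Drops the commented placeholder rule that targets "X.X.X.X".
        regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)'
        state: absent
      notify: restart minifirewall
      when: _minifirewall_proxy_var_check.rc == 1

    - name: Set proxy configuration for minifirewall (modern mode)
      replace:
        path: "/etc/default/minifirewall"
        replace: "PROXY='on'"
        regexp: "PROXY='.*'"
      notify: restart minifirewall
      # rc == 0: a PROXY= line exists, so the built-in proxy switch is used.
      when: _minifirewall_proxy_var_check.rc == 0
  when: minifirewall_test.stat.exists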