ansible-roles/iptables/tasks/main.yml

---
- name: Install the needed iptables packages
  apt: pkg={{ item }} state=installed
  with_items:
    - iptables
    - iptables-persistent
  tags: iptables

- name: Create the /etc/iptables directory when needed
  file: dest=/etc/iptables state=directory owner=root group=root mode=0755
  when: is_ubuntu_between_10_04_and_11_04_and_is_debian_6
  tags: iptables
  
- name: Install the IPv4 rules with a different name. Needed by Ubuntu < 12.04
  template: src=iptables-{{ item }}.j2 dest=/etc/iptables/rules owner=root group=root mode=0640
  with_items:
    - rules.v4
  when: is_ubuntu_between_10_04_and_11_04_and_is_debian_6
  notify: Start the iptables service on Ubuntu < 12.04
  tags: [ 'iptables', 'iptables_rules' ]

- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On precise
  template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640
  with_items:
    - rules.v4
    - rules.v6
  when: is_precise
  notify: Start the iptables service
  tags: [ 'iptables', 'iptables_rules' ]

- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On trusty
  template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640
  with_items:
    - rules.v4
    - rules.v6
  when: is_trusty
  register: install_iptables_rules
  tags: [ 'iptables', 'iptables_rules' ]

- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 7
  template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640
  with_items:
    - rules.v4
    - rules.v6
  when: is_debian7
  register: install_iptables_rules
  tags: [ 'iptables', 'iptables_rules' ]

- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 8
  template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640
  with_items:
    - rules.v4
    - rules.v6
  when: is_debian8
  register: install_netfilter_rules
  tags: [ 'iptables', 'iptables_rules' ]

- name: Start the iptables service immediately after the new rules have been installed. This can have an impact on other tasks
  service: name=iptables-persistent state=restarted enabled=yes
  notify: Restart fail2ban
  when: ( install_iptables_rules | changed )
  tags: [ 'iptables', 'iptables_rules' ]

- name: Start the netfilter service immediately after the new rules have been installed. This can have an impact on other tasks
  service: name=netfilter-persistent state=restarted enabled=yes
  notify: Restart fail2ban
  when: ( install_netfilter_rules | changed )
  tags: [ 'iptables', 'iptables_rules' ]
Major refactoring. Moved all the library roles under 'library/roles' and changed all the occurrances inside all the playbooks. 2015-05-28 11:32:57 +02:00			`---`
			`- name: Install the needed iptables packages`
			`apt: pkg={{ item }} state=installed`
			`with_items:`
			`- iptables`
			`- iptables-persistent`
library/roles/postfix-relay/tasks/smtp-sasl-auth.yml: Fix the task that updates the hash. d4science-ghn-cluster/group_vars/portal_servers: Add the d4science portals to the ganglia grid. d4science-ghn-cluster/smtp-clients.yml: Add the task that creates the smtp accounts on the relay. d4science-ghn-cluster/portals.yml: Playbook that configures some parts of the portals distribution. smtp relay, iptables rules, ganglia. 2016-01-22 17:09:57 +01:00			`tags: iptables`
Major refactoring. Moved all the library roles under 'library/roles' and changed all the occurrances inside all the playbooks. 2015-05-28 11:32:57 +02:00
library/roles/postfix-relay/tasks/smtp-sasl-auth.yml: Fix the task that updates the hash. d4science-ghn-cluster/group_vars/portal_servers: Add the d4science portals to the ganglia grid. d4science-ghn-cluster/smtp-clients.yml: Add the task that creates the smtp accounts on the relay. d4science-ghn-cluster/portals.yml: Playbook that configures some parts of the portals distribution. smtp relay, iptables rules, ganglia. 2016-01-22 17:09:57 +01:00			`- name: Create the /etc/iptables directory when needed`
			`file: dest=/etc/iptables state=directory owner=root group=root mode=0755`
			`when: is_ubuntu_between_10_04_and_11_04_and_is_debian_6`
			`tags: iptables`

Major refactoring. Moved all the library roles under 'library/roles' and changed all the occurrances inside all the playbooks. 2015-05-28 11:32:57 +02:00			`- name: Install the IPv4 rules with a different name. Needed by Ubuntu < 12.04`
			`template: src=iptables-{{ item }}.j2 dest=/etc/iptables/rules owner=root group=root mode=0640`
			`with_items:`
			`- rules.v4`
			`when: is_ubuntu_between_10_04_and_11_04_and_is_debian_6`
library: small fixes. d4science-gcube/roles/mediawiki_setup/templates/nginx-mediawiki.j2: First attempt at a nginx ssl config. 2015-06-14 23:39:13 +02:00			`notify: Start the iptables service on Ubuntu < 12.04`
library/roles/postfix-relay/tasks/smtp-sasl-auth.yml: Fix the task that updates the hash. d4science-ghn-cluster/group_vars/portal_servers: Add the d4science portals to the ganglia grid. d4science-ghn-cluster/smtp-clients.yml: Add the task that creates the smtp accounts on the relay. d4science-ghn-cluster/portals.yml: Playbook that configures some parts of the portals distribution. smtp relay, iptables rules, ganglia. 2016-01-22 17:09:57 +01:00			`tags: [ 'iptables', 'iptables_rules' ]`
Major refactoring. Moved all the library roles under 'library/roles' and changed all the occurrances inside all the playbooks. 2015-05-28 11:32:57 +02:00
library/roles/iptables/tasks/main.yml: ugly fix for the distribution versions mess. library/roles/oracle-jdk/tasks/main.yml: now it installs on debian too. library/roles/php-fpm: Support saving sessions on memcache. Needs memcache (there's a role for it). library/roles/postfix-relay: Now it can be configured to permit unencrypted connections from the local clients. library/roles/users: Fix the sudo stuff. 2015-09-03 02:36:22 +02:00			`- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On precise`
Major refactoring. Moved all the library roles under 'library/roles' and changed all the occurrances inside all the playbooks. 2015-05-28 11:32:57 +02:00			`template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640`
			`with_items:`
			`- rules.v4`
			`- rules.v6`
library/roles/iptables/tasks/main.yml: ugly fix for the distribution versions mess. library/roles/oracle-jdk/tasks/main.yml: now it installs on debian too. library/roles/php-fpm: Support saving sessions on memcache. Needs memcache (there's a role for it). library/roles/postfix-relay: Now it can be configured to permit unencrypted connections from the local clients. library/roles/users: Fix the sudo stuff. 2015-09-03 02:36:22 +02:00			`when: is_precise`
			`notify: Start the iptables service`
library/roles/postfix-relay/tasks/smtp-sasl-auth.yml: Fix the task that updates the hash. d4science-ghn-cluster/group_vars/portal_servers: Add the d4science portals to the ganglia grid. d4science-ghn-cluster/smtp-clients.yml: Add the task that creates the smtp accounts on the relay. d4science-ghn-cluster/portals.yml: Playbook that configures some parts of the portals distribution. smtp relay, iptables rules, ganglia. 2016-01-22 17:09:57 +01:00			`tags: [ 'iptables', 'iptables_rules' ]`
library/roles/iptables/tasks/main.yml: ugly fix for the distribution versions mess. library/roles/oracle-jdk/tasks/main.yml: now it installs on debian too. library/roles/php-fpm: Support saving sessions on memcache. Needs memcache (there's a role for it). library/roles/postfix-relay: Now it can be configured to permit unencrypted connections from the local clients. library/roles/users: Fix the sudo stuff. 2015-09-03 02:36:22 +02:00
			`- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On trusty`
			`template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640`
			`with_items:`
			`- rules.v4`
			`- rules.v6`
			`when: is_trusty`
library/roles/iptables/tasks/main.yml: Start the iptables rules immediately after a new set of rules is installed. 2016-07-12 16:29:52 +02:00			`register: install_iptables_rules`
library/roles/postfix-relay/tasks/smtp-sasl-auth.yml: Fix the task that updates the hash. d4science-ghn-cluster/group_vars/portal_servers: Add the d4science portals to the ganglia grid. d4science-ghn-cluster/smtp-clients.yml: Add the task that creates the smtp accounts on the relay. d4science-ghn-cluster/portals.yml: Playbook that configures some parts of the portals distribution. smtp relay, iptables rules, ganglia. 2016-01-22 17:09:57 +01:00			`tags: [ 'iptables', 'iptables_rules' ]`
library/roles/iptables/tasks/main.yml: ugly fix for the distribution versions mess. library/roles/oracle-jdk/tasks/main.yml: now it installs on debian too. library/roles/php-fpm: Support saving sessions on memcache. Needs memcache (there's a role for it). library/roles/postfix-relay: Now it can be configured to permit unencrypted connections from the local clients. library/roles/users: Fix the sudo stuff. 2015-09-03 02:36:22 +02:00
			`- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 7`
			`template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640`
			`with_items:`
			`- rules.v4`
			`- rules.v6`
			`when: is_debian7`
library/roles/iptables/tasks/main.yml: Start the iptables rules immediately after a new set of rules is installed. 2016-07-12 16:29:52 +02:00			`register: install_iptables_rules`
library/roles/postfix-relay/tasks/smtp-sasl-auth.yml: Fix the task that updates the hash. d4science-ghn-cluster/group_vars/portal_servers: Add the d4science portals to the ganglia grid. d4science-ghn-cluster/smtp-clients.yml: Add the task that creates the smtp accounts on the relay. d4science-ghn-cluster/portals.yml: Playbook that configures some parts of the portals distribution. smtp relay, iptables rules, ganglia. 2016-01-22 17:09:57 +01:00			`tags: [ 'iptables', 'iptables_rules' ]`
library: small fixes. d4science-gcube/roles/mediawiki_setup/templates/nginx-mediawiki.j2: First attempt at a nginx ssl config. 2015-06-14 23:39:13 +02:00
			`- name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 8`
			`template: src=iptables-{{ item }}.j2 dest=/etc/iptables/{{ item }} owner=root group=root mode=0640`
			`with_items:`
			`- rules.v4`
			`- rules.v6`
			`when: is_debian8`
library/roles/iptables/tasks/main.yml: Start the iptables rules immediately after a new set of rules is installed. 2016-07-12 16:29:52 +02:00			`register: install_netfilter_rules`
library/roles/postfix-relay/tasks/smtp-sasl-auth.yml: Fix the task that updates the hash. d4science-ghn-cluster/group_vars/portal_servers: Add the d4science portals to the ganglia grid. d4science-ghn-cluster/smtp-clients.yml: Add the task that creates the smtp accounts on the relay. d4science-ghn-cluster/portals.yml: Playbook that configures some parts of the portals distribution. smtp relay, iptables rules, ganglia. 2016-01-22 17:09:57 +01:00			`tags: [ 'iptables', 'iptables_rules' ]`
Major refactoring. Moved all the library roles under 'library/roles' and changed all the occurrances inside all the playbooks. 2015-05-28 11:32:57 +02:00
library/roles/iptables/tasks/main.yml: Start the iptables rules immediately after a new set of rules is installed. 2016-07-12 16:29:52 +02:00			`- name: Start the iptables service immediately after the new rules have been installed. This can have an impact on other tasks`
			`service: name=iptables-persistent state=restarted enabled=yes`
			`notify: Restart fail2ban`
			`when: ( install_iptables_rules \| changed )`
			`tags: [ 'iptables', 'iptables_rules' ]`

			`- name: Start the netfilter service immediately after the new rules have been installed. This can have an impact on other tasks`
			`service: name=netfilter-persistent state=restarted enabled=yes`
			`notify: Restart fail2ban`
			`when: ( install_netfilter_rules \| changed )`
			`tags: [ 'iptables', 'iptables_rules' ]`