tpiccioli
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of adellam/ansible-roles into master

This commit is contained in:
Andrea Dell'Amico 2019-08-01 19:18:16 +02:00 committed by Gitea
parent 097f8445c0 bb1191d585
commit 3f900a72f5
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
library/roles/iptables/defaults/main.yml
View File

@ -46,6 +46,7 @@ iptables_deb_pkgs:
iptables_default_policy: ACCEPT
iptables_nat_enabled: False
iptables_nat_specify_interfaces: True
iptables_post_nat_enabled: False
iptables_nat_interfaces:
- '{{ ansible_default_ipv4.interface }}'
iptables_input_default_policy: '{{ iptables_default_policy }}'

15
library/roles/iptables/templates/iptables-rules.v4.j2
View File

@ -345,6 +345,7 @@
{% endif %}
COMMIT
{% if iptables_nat_enabled %}
# This should be obsoleted
# NAT rules
*nat
:PREROUTING ACCEPT [0:0]
@ -360,3 +361,17 @@ COMMIT
{% endif %}
COMMIT
{% endif %}
{% if iptables_post_nat_enabled %}
# NAT rules
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
{% for rule in iptables_nat_rules %}
-A POSTROUTING {{ rule.options }} -j {{ rule.action | default('MASQUERADE') }}
{% endfor %}
COMMIT
{% endif %}