library/roles/iptables/tasks/main.yml: Start the iptables rules immediately after a new set of rules is installed.

2016-07-12 16:29:52 +02:00 · 2016-07-12 16:29:52 +02:00 · b53163a875
parent ebe5e5e79f
commit b53163a875
1 changed files with 14 additions and 3 deletions
--- a/iptables/tasks/main.yml
+++ b/iptables/tasks/main.yml
@ -34,7 +34,7 @@
    - rules.v4
    - rules.v6
  when: is_trusty
-  notify: Start the iptables service
+  register: install_iptables_rules
  tags: [ 'iptables', 'iptables_rules' ]

 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 7
@ -43,7 +43,7 @@
    - rules.v4
    - rules.v6
  when: is_debian7
-  notify: Start the iptables service
+  register: install_iptables_rules
  tags: [ 'iptables', 'iptables_rules' ]

 - name: Install the IPv4 and IPv6 iptables rules. The IPv6 ones are not used. On debian 8
@ -52,6 +52,17 @@
    - rules.v4
    - rules.v6
  when: is_debian8
-  notify: Start the netfilter service
+  register: install_netfilter_rules
  tags: [ 'iptables', 'iptables_rules' ]

+- name: Start the iptables service immediately after the new rules have been installed. This can have an impact on other tasks
+  service: name=iptables-persistent state=restarted enabled=yes
+  notify: Restart fail2ban
+  when: ( install_iptables_rules | changed )
+  tags: [ 'iptables', 'iptables_rules' ]
+
+- name: Start the netfilter service immediately after the new rules have been installed. This can have an impact on other tasks
+  service: name=netfilter-persistent state=restarted enabled=yes
+  notify: Restart fail2ban
+  when: ( install_netfilter_rules | changed )
+  tags: [ 'iptables', 'iptables_rules' ]