|
|
@@ -3,39 +3,41 @@ |
|
|
|
# |
|
|
|
# Insert additional firewall rules to allow required services to function |
|
|
|
# Insert them all on rule_num 5, and insert them in reverse order here: |
|
|
|
- name: Allow HTTPS on port {{ item }} |
|
|
|
- name: Allow SSH |
|
|
|
iptables: |
|
|
|
chain: INPUT |
|
|
|
action: used_iptabples_action |
|
|
|
rule_num: 5 |
|
|
|
protocol: tcp |
|
|
|
destination_port: {{ item }} |
|
|
|
destination_port: 22 |
|
|
|
ctstate: NEW |
|
|
|
syn: match |
|
|
|
jump: ACCEPT |
|
|
|
comment: Accept new HTTPS ({{ item }}) connections |
|
|
|
with_items: |
|
|
|
- 1443 |
|
|
|
- 443 |
|
|
|
comment: Accept new SSH connections |
|
|
|
become: yes |
|
|
|
|
|
|
|
- name: Allow HTTP on port {{ item }} |
|
|
|
- name: "Allow HTTP on port {{ item }}" |
|
|
|
iptables: |
|
|
|
chain: INPUT |
|
|
|
action: used_iptabples_action |
|
|
|
rule_num: 5 |
|
|
|
protocol: tcp |
|
|
|
destination_port: {{ item }} |
|
|
|
destination_port: "{{ item }}" |
|
|
|
ctstate: NEW |
|
|
|
syn: match |
|
|
|
jump: ACCEPT |
|
|
|
comment: Accept new HTTP ({{ item }}) connections |
|
|
|
comment: "Accept new HTTP ({{ item }}) connections" |
|
|
|
with_items: |
|
|
|
- 1080 |
|
|
|
- 80 |
|
|
|
- 1080 |
|
|
|
become: yes |
|
|
|
|
|
|
|
- name: Restart iptables |
|
|
|
service: |
|
|
|
name: netfilter-persistent |
|
|
|
state: restarted |
|
|
|
- name: "Allow HTTPS on port {{ item }}" |
|
|
|
iptables: |
|
|
|
chain: INPUT |
|
|
|
protocol: tcp |
|
|
|
destination_port: "{{ item }}" |
|
|
|
ctstate: NEW |
|
|
|
syn: match |
|
|
|
jump: ACCEPT |
|
|
|
comment: "Accept new HTTPS ({{ item }}) connections" |
|
|
|
with_items: |
|
|
|
- 443 |
|
|
|
- 1443 |
|
|
|
become: yes |
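Review bot: The "Allow HTTPS" task at the end of the hunk has no `action` or `rule_num`, so the iptables module uses its default `append` and the ACCEPT rule lands at the tail of INPUT, where any earlier terminal REJECT/DROP rule would shadow it; the header comment still says to insert everything at rule_num 5. Either add `action: insert` and `rule_num: 5` to that task, or update the comment to describe the ordering now intended. This rendering has lost its +/- markers, so it is unclear whether `action: used_iptabples_action` in the SSH and HTTP tasks is on the new side; if it is, it reads as a misspelled, untemplated variable name and should probably be `action: insert`. The new SSH rule accepts port 22 from any source, so consider adding a `source:` restriction to the management network. The task file starts above the hunk, so the rules that precede these in the chain are not visible here.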