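#
# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
#
# Enables packet forwarding and installs the iptables rules that send inbound
# TCP 80/443 to the local mitmproxy listener on {{ mitm_port }}, then persists
# the rulesets.
#
# NOTE(review): only "Allow MITM private port" and the two save tasks set
# `become`; the sysctl and nat tasks presumably rely on the play already
# running as root - confirm against the calling play.

- name: Enable IPv4 forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true

# NOTE(review): IPv6 forwarding is switched on here, but the REDIRECT rules
# below use the iptables module without `ip_version`, which defaults to ipv4.
# This file defines no IPv6 redirect, so forwarded IPv6 HTTP/HTTPS would not
# pass through mitmproxy unless that is handled elsewhere - confirm.
- name: Enable IPv6 forwarding
  sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    sysctl_set: true

# A host that forwards traffic should not emit ICMP redirects to its clients.
- name: Disable sending of ICMP redirects
  sysctl:
    name: net.ipv4.conf.all.send_redirects
    value: '0'
    sysctl_set: true

# Packets rewritten by the REDIRECT rules below reach the INPUT chain with
# {{ mitm_port }} as destination port, so that port must be accepted.
# NOTE(review): the rule has no source or in_interface match, so any host that
# can reach this port may connect to mitmproxy directly. Confirm access is
# limited elsewhere (listener bind address, upstream firewall) or add a match.
# NOTE(review): `rule_num: 10` assumes INPUT already holds at least nine rules.
# NOTE(review): the rule comment mentions DNS and looks copied from another
# task. It is left unchanged because the comment is part of the rule the module
# checks for; changing it would likely insert a second rule on existing hosts.
- name: "Allow MITM private port"
  iptables:
    chain: INPUT
    action: insert
    rule_num: 10
    protocol: tcp
    destination_port: "{{ mitm_port }}"
    ctstate: NEW
    syn: match
    jump: ACCEPT
    comment: Accept new local TCP DNS connections on private port
  become: true

# NOTE(review): the two PREROUTING rules match every TCP 80/443 packet arriving
# on any interface, including packets addressed to this host itself. Confirm
# that is intended, or narrow the match with in_interface / source.
- name: Route port 80 through mitmproxy
  iptables:
    table: nat
    chain: PREROUTING
    action: insert
    rule_num: 1
    protocol: tcp
    destination_port: '80'
    jump: REDIRECT
    to_ports: "{{ mitm_port }}"

- name: Route port 443 through mitmproxy
  iptables:
    table: nat
    chain: PREROUTING
    action: insert
    rule_num: 2
    protocol: tcp
    destination_port: '443'
    jump: REDIRECT
    to_ports: "{{ mitm_port }}"

# `shell` (not `command`) is required for the output redirection. These tasks
# report "changed" on every run.
- name: save iptables rules
  shell: iptables-save > /etc/iptables/rules.v4
  become: true

# Persists the current IPv6 ruleset as-is; no task in this file adds IPv6 rules.
- name: save iptables v6 rules
  shell: ip6tables-save > /etc/iptables/rules.v6
  become: true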