#
# Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
#
- sysctl:
    name: net.ipv4.ip_forward
    value: 1
    sysctl_set: yes
- sysctl:
    name: net.ipv6.conf.all.forwarding
    value: 1
    sysctl_set: yes
- sysctl:
    name: net.ipv4.conf.all.send_redirects
    value: 0
    sysctl_set: yes

- name: Allow MITM private port
  iptables:
    chain: INPUT
    action: insert
    rule_num: 10
    protocol: tcp
    destination_port: "{{ mitm_port }}"
    ctstate: NEW
    syn: match
    jump: ACCEPT
    comment: Accept new local TCP DNS connections on private port
  become: yes
  tags: algo_related

- name: Setup for MITM and save iptables
  block:
    - name: save iptables rules
      shell: iptables-save > /etc/iptables/rules.v4
      become: yes

    - name: save iptables v6 rules
      shell: ip6tables-save > /etc/iptables/rules.v6
      become: yes
  tags: always