bubblev
/
bubble
9
0
Forkuj 0
Kod Zgłoszenia 0 Oczekujące zmiany 0 Wydania 130 Wiki Aktywność
The main Bubble source repository. Contains the Bubble API server, the web UI, documentation and utilities. https://getbubblenow.com
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
493 Commity
10 Gałęzie
66 MiB
 
 
 
 
Drzewo: a15024cb21
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'a15024cb21'
${ noResults }
bubble/automation/roles/firewall/tasks/main.yml

119 wiersze
2.4 KiB
Czysty Wina Historia 

  1. - name: Install firewall packages

  2.   apt:

  3.     name: [ 'haveged', 'iptables-persistent', 'netfilter-persistent', 'autossh' ]

  4.     state: present

  5.     update_cache: yes

  6. 

  7. - name: Flush iptables

  8.   iptables:

  9.     flush: true

  10.   become: yes

  11. 

  12. - name: Flush INPUT chain

  13.   iptables:

  14.     chain: INPUT

  15.     flush: yes

  16.   become: yes

  17. 

  18. - name: Flush OUTPUT chain

  19.   iptables:

  20.     chain: OUTPUT

  21.     flush: yes

  22.   become: yes

  23. 

  24. - name: Flush iptables nat table

  25.   iptables:

  26.     flush: yes

  27.     table: nat

  28.   become: yes

  29. 

  30. - name: Flush iptables mangle table

  31.   iptables:

  32.     flush: true

  33.     table: mangle

  34.   become: yes

  35. 

  36. - name: Flush iptables raw table

  37.   iptables:

  38.     flush: true

  39.     table: raw

  40.   become: yes

  41. 

  42. - name: Flush OUTPUT chain NAT table

  43.   iptables:

  44.     chain: OUTPUT

  45.     table: nat

  46.     flush: yes

  47.   become: yes

  48. 

  49. - name: Flush FORWARD chain

  50.   iptables:

  51.     chain: FORWARD

  52.     flush: yes

  53.   become: yes

  54. 

  55. - name: Flush PREROUTING chain NAT Table

  56.   iptables:

  57.     chain: PREROUTING

  58.     table: nat

  59.     flush: yes

  60.   become: yes

  61. 

  62. - name: Delete ufw chains

  63.   command: "bash -c 'iptables -F {{ item }} && iptables -X {{ item }} || echo \"chain not found: {{ item }}\"'"

  64.   with_items:

  65.     - ufw-after-forward

  66.     - ufw-after-input

  67.     - ufw-after-logging-forward

  68.     - ufw-after-logging-input

  69.     - ufw-after-logging-output

  70.     - ufw-after-output

  71.     - ufw-before-forward

  72.     - ufw-before-input

  73.     - ufw-before-logging-forward

  74.     - ufw-before-logging-input

  75.     - ufw-before-logging-output

  76.     - ufw-before-output

  77.     - ufw-reject-forward

  78.     - ufw-reject-input

  79.     - ufw-reject-output

  80.     - ufw-track-forward

  81.     - ufw-track-input

  82.     - ufw-track-output

  83. 

  84. - name: Install port manager

  85.   copy:

  86.     src: bubble_peer_manager.py

  87.     dest: /usr/local/bin/bubble_peer_manager.py

  88.     owner: root

  89.     group: root

  90.     mode: 0555

  91.   when: fw_enable_admin

  92. 

  93. - name: Install supervisor conf file for port manager

  94.   copy:

  95.     src: supervisor_bubble_peer_manager.conf

  96.     dest: /etc/supervisor/conf.d/bubble_peer_manager.conf

  97.   when: fw_enable_admin

  98. 

  99. - include: sage.yml

  100.   when: install_type == 'sage'

  101. 

  102. - name: Creates /etc/iptables directory

  103.   file:

  104.     path: /etc/iptables

  105.     state: directory

  106. 

  107. - name: save iptables v4 rules

  108.   shell: iptables-save > /etc/iptables/rules.v4

  109.   become: yes

  110. 

  111. - name: save iptables v6 rules

  112.   shell: ip6tables-save > /etc/iptables/rules.v6

  113.   become: yes

  114. 

  115. - supervisorctl:

  116.     name: bubble_peer_manager

  117.     state: restarted

  118.   when: fw_enable_admin