Skip to content
Snippets Groups Projects
Select Git revision
  • main default
  • stable
  • v13.1.0
  • v13.0.0
  • v12.3.0
  • v12.2.0
  • debian-11-end
  • nudgis-10.3.0
  • nudgis-10.2.1
  • nudgis-10.1.2
  • nudgis-10.1.1
11 results
Blame Permalink
firewall-rules.yml 1.54 KiB 
#!/usr/bin/env ansible-playbook
---
- name: GATHER ALL FACTS
  hosts: all
  tasks:
    - name: ensure python3 is installed
      register: python_install
      changed_when: "'es_pyinstall' in python_install.stdout_lines"
      ansible.builtin.raw: command -v python3 || echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt iproute2
      tags: always

- name: SET PORTS TO LISTEN
  hosts: all
  gather_facts: false
  tasks:
    - name: Set vars
      ansible.builtin.include_vars:
        file: ressources/firewall/rules.yml

    - name: listen ports
      ansible.builtin.include_tasks: ressources/firewall/listen.yml
      # loop over listen vars (named outer_item) and call firewall-listen
      loop: "{{ listen }}"
      loop_control:
        loop_var: outer_item
      # execute loop only when group exists and host is in listen.groupname
      when: (outer_item.groupname in groups) and (inventory_hostname in groups[outer_item.groupname])

- name: TEST FIREWALL RULES
  hosts: all
  gather_facts: false
  tasks:
    - name: Set vars
      ansible.builtin.include_vars:
        file: ressources/firewall/rules.yml

    - name: test rules
      ansible.builtin.include_tasks: ressources/firewall/test-rule.yml
      # loop over listen vars (named outer_item) and call firewall-listen
      loop: "{{ test }}"
      loop_control:
        loop_var: outer_item
      # execute loop only when group exists and host is in listen.groupname_src
      when: (outer_item.groupname_src in groups) and (inventory_hostname in groups[outer_item.groupname_src])