ansible/roles/geerlingguy.firewall/tasks/main.yml
---
- name: Ensure iptables is present.
package: name=iptables state=present
- name: Flush iptables the first time playbook runs.
command: >
iptables -F
creates=/etc/firewall.bash
- name: Copy firewall script into place.
template:
src: firewall.bash.j2
dest: /etc/firewall.bash
owner: root
group: root
mode: 0744
notify: restart firewall
- name: Copy firewall init script into place.
template:
src: firewall.init.j2
dest: /etc/init.d/firewall
owner: root
group: root
mode: 0755
when: "ansible_service_mgr != 'systemd'"
- name: Copy firewall systemd unit file into place (for systemd systems).
template:
src: firewall.unit.j2
dest: /etc/systemd/system/firewall.service
owner: root
group: root
mode: 0644
when: "ansible_service_mgr == 'systemd'"
- name: Configure the firewall service.
service:
name: firewall
state: "{{ firewall_state }}"
enabled: "{{ firewall_enabled_at_boot }}"
- import_tasks: disable-other-firewalls.yml
when: firewall_disable_firewalld or firewall_disable_ufw