---
# tasks file for iptables-samba
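# Print the toggle value so the run log shows whether the Samba firewall
# rules in this role are being added or removed.
- name: Show samba_enabled for the iptables-samba role
  ansible.builtin.debug:
    msg: "ENABLED = {{ samba_enabled }}; iptables-samba role"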
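# Add (samba_enabled truthy) or remove (otherwise) one INPUT ACCEPT rule per
# entry in samba_ports, for TCP. "absent" only deletes this ACCEPT rule; it
# does not insert a DROP/REJECT, so whether Samba traffic is actually blocked
# depends on the INPUT chain policy and the other rules in the chain.
# NOTE(review): no `source` or `in_interface` is set, so this rule matches
# any source address on any interface; restrict it if the host is reachable
# from networks that should not get SMB access.
# NOTE(review): the UDP task iterates the same samba_ports list, so every
# listed port is opened for both protocols - confirm that is intended.
- name: Allow/ disallow new, established packets on TCP Samba ports
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    # `| bool` treats true, yes and the string "true" alike. A strict
    # `is true` test matches only a real boolean, so a string value (for
    # example one passed with -e key=value) would silently remove the rule.
    state: "{{ 'present' if (samba_enabled | bool) else 'absent' }}"
    destination_port: "{{ item }}"
    ctstate: NEW,ESTABLISHED
    jump: ACCEPT
  with_items: "{{ samba_ports }}"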
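# Add (samba_enabled truthy) or remove (otherwise) one INPUT ACCEPT rule per
# entry in samba_ports, for UDP. "absent" only deletes this ACCEPT rule; it
# does not insert a DROP/REJECT, so whether Samba traffic is actually blocked
# depends on the INPUT chain policy and the other rules in the chain.
# NOTE(review): no `source` or `in_interface` is set, so this rule matches
# any source address on any interface; restrict it if the host is reachable
# from networks that should not get SMB access.
# NOTE(review): the TCP task iterates the same samba_ports list, so every
# listed port is opened for both protocols - confirm that is intended.
- name: Allow/ disallow new, established packets on UDP Samba ports
  ansible.builtin.iptables:
    chain: INPUT
    protocol: udp
    # `| bool` treats true, yes and the string "true" alike. A strict
    # `is true` test matches only a real boolean, so a string value (for
    # example one passed with -e key=value) would silently remove the rule.
    state: "{{ 'present' if (samba_enabled | bool) else 'absent' }}"
    destination_port: "{{ item }}"
    ctstate: NEW,ESTABLISHED
    jump: ACCEPT
  with_items: "{{ samba_ports }}"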
# Hand over to the iptables-persistent role after the Samba rules have been
# added or removed. The include is unconditional, so it runs on every play.
# NOTE(review): presumably that role saves the running ruleset so it
# survives a reboot - confirm against the role itself.
- name: iptables-persistent
  ansible.builtin.include_role:
    name: "iptables-persistent"