Merge pull request 'update zram roles; add zoreide role' (#13) from claudiomaradonna/configurations-ansible:master into master

Reviewed-on: unitoo/configurations-ansible#13

roles/hardening-basic/defaults/main.yml

@@ -7,7 +7,7 @@ hardening_sshd_tcp_forward: false
 hardening_sshd_legal_banner: false
 hardening_sshd_permissions_set_sticky_bit: true
 
-hardening_sysctl_vm_swappiness: 0
+hardening_sysctl_vm_swappiness: 15
 hardening_sysctl_disable_ipv6: false
 
 hardening_modprobe_disable_list:

roles/hardening-basic/templates/basic/etc/sysctl.d/50-coredump.conf

@@ -1 +0,0 @@
-kernel.core_pattern=|/bin/false

roles/zoreide/tasks/main.yml

@@ -84,15 +84,18 @@
 
 - name: Configure iptables
   when:
-    - 'zoreide_enabled is true'
+    - "zoreide_enabled is true"
     - "ansible_facts.services['iptables.service'] is defined"
-  ansible.builtin.iptables:
+  block:
-    chain: INPUT
+    - name: Allow related and established connections
-    protocol: udp
+      ansible.builtin.iptables:
-    destination_port: "{{ zoreide_ha_port }}"
+        chain: INPUT
-    ctstate: NEW
+        protocol: udp
-    jump: ACCEPT
+        destination_port: "{{ zoreide_ha_port }}"
-    comment: Zoreide HA Port
+        ctstate: NEW
+        syn: match
+        jump: ACCEPT
+        comment: Zoreide HA Port
 
 - name: Save rules with iptables-persistent v6
   ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4