configurations-ansible/roles/iptables-webserver/tasks/main.yml


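---
# tasks file for iptables-webserver
#
# Opens (or closes) the web server ports in the iptables INPUT chain and then
# includes the iptables-persistent role.
#
# Inputs read by this file:
#   iptables_webserver_enabled - selects 'present' vs 'absent' for every rule
#   iptables_webserver_ports   - list looped over, one rule per entry
#   is_docker                  - boolean true skips all firewall changes

# Echo the role inputs so the run log records which ports were acted on.
- name: Show iptables-webserver settings
  ansible.builtin.debug:
    msg: "ENABLED = {{ iptables_webserver_enabled }}; PORTS = {{ iptables_webserver_ports }}; iptables-webserver role"

# `is not true` is a strict test: the block is skipped only when is_docker is
# the boolean true. A string such as "true" does not skip it.
- when:
    - "is_docker is not true"
  block:
    # The task name mentions 80/443, but the ports actually come from
    # iptables_webserver_ports; the debug output above shows the real list.
    #
    # No source address is set, so each rule accepts traffic from any host.
    #
    # NOTE(review): `is true` is a strict boolean test. Any other value of
    # iptables_webserver_enabled (including the string "true", e.g. from
    # `-e key=value`) selects 'absent' and removes the rules - confirm that
    # callers always pass a real boolean.
    #
    # NOTE(review): only ports still present in the list are touched. A port
    # dropped from iptables_webserver_ports keeps its existing ACCEPT rule
    # until it is removed by other means.
    - name: Allow new, established packets on TCP ports 80/443 (Webserver)
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        state: "{{ 'present' if iptables_webserver_enabled is true else 'absent' }}"
        destination_port: "{{ item }}"
        ctstate: NEW,ESTABLISHED
        jump: ACCEPT
        comment: Webserver dedicated port
      loop: "{{ iptables_webserver_ports }}"

    # Presumably saves the rule set so it survives a reboot - verify in the
    # iptables-persistent role itself.
    - name: iptables-persistent
      ansible.builtin.include_role:
        name: iptables-persistent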