stouts / stouts.iptables Goto Github PK

When I define:

iptables_raw_rules:
- -A INPUT -p tcp -m tcp --dport 3422 -j ACCEPT

It creates this:

# Raw roles
-A INPUT -p tcp -m tcp --dport 3422 -j ACCEPT

And results in this:

/etc/iptables.rules: line 26: -A: command not found

If I change templates/etc/iptables.rules.j2 from

# Raw roles
{% for rule in iptables_raw_rules %}
{{rule}}
{% endfor %}

to

# Raw roles
{% for rule in iptables_raw_rules %}
iptables {{rule}}
{% endfor %}

It works.

Hello,
the var iptables_rules_path in vars/Debian.yml (file being included by taks/iptables.yml) will take precedence over custom vars defined in playbook. In fact my iptables_rules_path set in the playbook was not taken into account at all.

with iptables-save I have a rule set like so:

-*nat
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
 -A PREROUTING -p tcp -m tcp --dport 843 -j REDIRECT --to-ports 1843
 -A PREROUTING -p tcp -m tcp --dport 81 -j REDIRECT --to-ports 6080
-COMMIT
-# Completed on Fri Jun 13 11:42:13 2014

If I create iptables_raw_rules: like so:

- -A PREROUTING -p tcp -m tcp --dport 843 -j REDIRECT --to-ports 1843
- -A PREROUTING -p tcp -m tcp --dport 81 -j REDIRECT --to-ports 6080

It results in an error like:

iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.

Not certain how to create support for this in your role.

Hi!
Are there any options to define port range other then via raw rule?

Hello.

I've found that there is incorrect link in badge to Ansible galaxy.

Now:

https://galaxy.ansible.com/list#/roles/920

Should be:

https://galaxy.ansible.com/Stouts/iptables

Hello

can you please help me with a small issue i have? I have your role and it works perfect but i want to edit it to open or close ports for different hosts

for example , all hosts in [web] to have 80 open and all other ports closed

all hosts in [test] to have only 22 open and all others closed

So , can you show how this can be done please ?
thanks

I must be missing something obvious but I'm confused why the iptables service isn't being managed or restarted when /etc/iptables.rules is modified? Instead, we're just shelling out? What about surviving a reboot?

It would be nice to have support for IPv6.

It's possible to add a tag for add your role with version number like that :

ansible-galaxy install Stouts.iptables,1.0.0

Hello.

Please update version in Ansible galaxy to latest version, from 1.1.1 → 1.1.2
https://galaxy.ansible.com/Stouts/iptables/