author | Trygve Laugstøl <trygvis@inamo.no> | 2018-12-27 23:36:24 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2018-12-27 23:36:24 +0100 |
commit | fbcf643e474edce8e42b12ea383ec8ebeb4c9ff5 (patch) | |
tree | a26f131821832d53b02343ca3094fdbac9e37954 /ansible/roles/ufw/tasks/main.yml | |
parent | 41fe17ca222da77fb860374adc915a4ca3b2c573 (diff) | |
ufw
Diffstat (limited to 'ansible/roles/ufw/tasks/main.yml')
-rw-r--r-- | ansible/roles/ufw/tasks/main.yml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/ansible/roles/ufw/tasks/main.yml b/ansible/roles/ufw/tasks/main.yml
new file mode 100644
index 0000000..e66ef58
--- /dev/null
+++ b/ansible/roles/ufw/tasks/main.yml
@@ -0,0 +1,34 @@
+- tags:
+ - ufw
+ become: yes
+ block:
+ - when: ufw__nat_address is defined
+ blockinfile:
+ path: /etc/ufw/before.rules
+ insertbefore: "^# Don't delete these required lines"
+ content: |
+ # NAT table rules
+ *nat
+ :POSTROUTING ACCEPT [0:0]
+
+ # Forward traffic through eth0 - Change to match you out-interface
+ -A POSTROUTING -s {{ ufw__nat_address }}/{{ ufw__nat_prefix }} -o eth0 -j MASQUERADE
+
+ # don't delete the 'COMMIT' line or these nat table rules won't
+ # be processed
+ COMMIT
+
+# - ufw:
+# state: enabled
+
+# - ufw:
+# default: allow
+# direction: out
+
+# - ufw:
+# policy: deny
+# direction: out
+
+# - ufw:
+# policy: allow
+# direction: routed
|
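Review bot: The `when:` guard on the blockinfile task tests only `ufw__nat_address`, but the MASQUERADE rule also interpolates `ufw__nat_prefix`, so a host that sets the address without the prefix fails at templating time. The guard should read `when: ufw__nat_address is defined and ufw__nat_prefix is defined`. The egress interface is hard-coded as `-o eth0` even though the comment above it says to change it per host. A role variable would avoid masquerading out of the wrong interface, for example `-o {{ ufw__nat_interface | default('eth0') }}` (variable name is a suggestion). Nothing in the hunk reloads ufw after `/etc/ufw/before.rules` is edited and every `ufw:` task is commented out, so the role neither activates the NAT block nor ensures the firewall is enabled. A reload handler or a comment stating that enablement happens elsewhere would make that explicit.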