aboutsummaryrefslogtreecommitdiff
path: root/ansible/roles/ufw/tasks/main.yml
diff options
context:
space:
mode:
authorTrygve Laugstøl <trygvis@inamo.no>2018-12-27 23:36:24 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2018-12-27 23:36:24 +0100
commitfbcf643e474edce8e42b12ea383ec8ebeb4c9ff5 (patch)
treea26f131821832d53b02343ca3094fdbac9e37954 /ansible/roles/ufw/tasks/main.yml
parent41fe17ca222da77fb860374adc915a4ca3b2c573 (diff)
downloadinfra-fbcf643e474edce8e42b12ea383ec8ebeb4c9ff5.tar.gz
infra-fbcf643e474edce8e42b12ea383ec8ebeb4c9ff5.tar.bz2
infra-fbcf643e474edce8e42b12ea383ec8ebeb4c9ff5.tar.xz
infra-fbcf643e474edce8e42b12ea383ec8ebeb4c9ff5.zip
ufw
Diffstat (limited to 'ansible/roles/ufw/tasks/main.yml')
-rw-r--r--ansible/roles/ufw/tasks/main.yml34
1 files changed, 34 insertions, 0 deletions
diff --git a/ansible/roles/ufw/tasks/main.yml b/ansible/roles/ufw/tasks/main.yml
new file mode 100644
index 0000000..e66ef58
--- /dev/null
+++ b/ansible/roles/ufw/tasks/main.yml
@@ -0,0 +1,34 @@
+- tags:
+ - ufw
+ become: yes
+ block:
+ - when: ufw__nat_address is defined
+ blockinfile:
+ path: /etc/ufw/before.rules
+ insertbefore: "^# Don't delete these required lines"
+ content: |
+ # NAT table rules
+ *nat
+ :POSTROUTING ACCEPT [0:0]
+
+ # Forward traffic through eth0 - Change to match you out-interface
+ -A POSTROUTING -s {{ ufw__nat_address }}/{{ ufw__nat_prefix }} -o eth0 -j MASQUERADE
+
+ # don't delete the 'COMMIT' line or these nat table rules won't
+ # be processed
+ COMMIT
+
+# - ufw:
+# state: enabled
+
+# - ufw:
+# default: allow
+# direction: out
+
+# - ufw:
+# policy: deny
+# direction: out
+
+# - ufw:
+# policy: allow
+# direction: routed