Diffstat (limited to 'ansible/roles/ufw/tasks/main.yml')
-rw-r--r--ansible/roles/ufw/tasks/main.yml26
1 files changed, 11 insertions, 15 deletions
diff --git a/ansible/roles/ufw/tasks/main.yml b/ansible/roles/ufw/tasks/main.yml
index 0579f0a..b6a963b 100644
--- a/ansible/roles/ufw/tasks/main.yml
+++ b/ansible/roles/ufw/tasks/main.yml
@@ -2,17 +2,21 @@
- ufw
become: yes
block:
- - when:
- notify: ufw reload
+ - notify: ufw reload
+ vars:
+ state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}"
+ nat:
+ address: "{{ ufw__nat_address if ufw__nat_address is defined else '' }}"
+ prefix: "{{ ufw__nat_prefix if ufw__nat_prefix is defined else '' }}"
blockinfile:
path: /etc/ufw/before.rules
insertbefore: "^# Don't delete these required lines"
marker: "# NAT config: {mark}"
- state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}"
+ state: "{{ state }}"
content: |
*nat
:POSTROUTING ACCEPT [0:0]
- -A POSTROUTING -s {{ ufw__nat_address }}/{{ ufw__nat_prefix }} -o eth0 -j MASQUERADE
+ -A POSTROUTING -s {{ nat.address }}/{{ nat.prefix }} -o eth0 -j MASQUERADE
COMMIT
- notify: ufw reload
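Review bot: When `ufw__nat_address` is defined but `ufw__nat_prefix` is not, `nat.prefix` falls back to `''` and the rendered rule is `-A POSTROUTING -s <addr>/ -o eth0 -j MASQUERADE`, which iptables-restore rejects, so the `ufw reload` handler fails and before.rules is left holding a rule ufw cannot load. Gate presence on both variables, e.g. `state: "{{ 'present' if (ufw__nat_address is defined and ufw__nat_prefix is defined) else 'absent' }}"`, or add an `assert` task that fails early when only one of them is set. The output interface `eth0` is hard-coded; on hosts with predictable interface names (`ens3`, `enp0s3`) the MASQUERADE rule silently matches nothing, so consider `ufw__nat_interface | default(ansible_default_ipv4.interface)`. Both variables are interpolated unvalidated into a root-owned firewall file, so if they can arrive from host/group vars maintained by less trusted parties, validate them (an `assert` against an address/prefix pattern, or the `ansible.utils.ipaddr` filter if that collection is available) before templating. The task list inside this `block:` continues past the end of the hunk.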
@@ -33,14 +37,6 @@
- ufw:
state: enabled
-# - ufw:
-# default: allow
-# direction: out
-
-# - ufw:
-# policy: deny
-# direction: out
-
-# - ufw:
-# policy: allow
-# direction: routed
+ - ufw:
+ name: OpenSSH
+ rule: allow
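Review bot: The new `name: OpenSSH` allow rule is appended after the `state: enabled` task, so on a first run with ufw's default deny-incoming policy the firewall is active with no SSH rule between the two tasks; whether the controller's session survives depends on ControlPersist and the conntrack rules, and any new connection in that window is refused. Move the allow rule above the enable task, as the ufw module documentation recommends: `- ufw:` / `name: OpenSSH` / `rule: allow` first, then `- ufw:` / `state: enabled`. The `OpenSSH` application profile covers 22/tcp only and this rule admits any source, so if sshd listens elsewhere or management comes from a known range, drive it with `port` and `from_ip` from variables instead of the profile. The removed commented-out `direction: routed` stub is worth a second look, since the MASQUERADE rule added in the first hunk only has an effect if forwarding is permitted (routed policy and `ip_forward`), which this file does not visibly set. The hunk header counts 14/6 lines but 13/5 are visible, so one context line (probably a blank) is not shown, and the rest of the task list lies outside the hunk.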