diff options
Diffstat (limited to 'ansible/roles')
-rw-r--r-- | ansible/roles/ufw/handlers/main.yml | 4 | ||||
-rw-r--r-- | ansible/roles/ufw/tasks/main.yml | 24 |
2 files changed, 22 insertions, 6 deletions
diff --git a/ansible/roles/ufw/handlers/main.yml b/ansible/roles/ufw/handlers/main.yml new file mode 100644 index 0000000..47f79ef --- /dev/null +++ b/ansible/roles/ufw/handlers/main.yml @@ -0,0 +1,4 @@ +- name: ufw reload + become: yes + ufw: + state: reloaded diff --git a/ansible/roles/ufw/tasks/main.yml b/ansible/roles/ufw/tasks/main.yml index b372eb7..0579f0a 100644 --- a/ansible/roles/ufw/tasks/main.yml +++ b/ansible/roles/ufw/tasks/main.yml @@ -2,20 +2,32 @@ - ufw become: yes block: - - when: ufw__nat_address is defined + - when: + notify: ufw reload blockinfile: path: /etc/ufw/before.rules insertbefore: "^# Don't delete these required lines" + marker: "# NAT config: {mark}" + state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}" content: | - # NAT table rules *nat :POSTROUTING ACCEPT [0:0] - - # Forward traffic through eth0 - Change to match you out-interface -A POSTROUTING -s {{ ufw__nat_address }}/{{ ufw__nat_prefix }} -o eth0 -j MASQUERADE + COMMIT - # don't delete the 'COMMIT' line or these nat table rules won't - # be processed + - notify: ufw reload + vars: + forwardings: "{{ ufw__port_forwardings if ufw__port_forwardings is defined else [] }}" + blockinfile: + path: /etc/ufw/before.rules + insertbefore: "^# Don't delete these required lines" + marker: "# Port forwarding: {mark}" + state: "{{ 'present' if ufw__port_forwardings is defined else 'absent' }}" + content: | + *nat + {% for pf in forwardings %} + -A PREROUTING -i eth0 {{ " -d" + pf.addr if pf.addr is defined else "" }} -p {{ pf.proto if pf.proto is defined else "tcp" }} --dport {{ pf.port }} -j DNAT --to-destination {{ pf.to }}:{{ pf.to_port if pf.to_port is defined else pf.port }} + {% endfor %} COMMIT - ufw: |