Improved firewall loop

2020-04-14 22:51:57 +02:00 · 2020-04-14 22:51:57 +02:00 · e397c0d0d2
parent 4a229a4dc3
commit e397c0d0d2
1 changed files with 15 additions and 32 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -18,41 +18,24 @@
  tags:
        - setup
        - packages
- name: Allow Unbound TCP through iptables
+- name: Allow Unbound through iptables
  loop:
-          - ipv4
-          - ipv6
+        - { ipv: 'ipv4', proto: 'tcp' }
+        - { ipv: 'ipv6', proto: 'tcp' }
+        - { ipv: 'ipv4', proto: 'udp' }
+        - { ipv: 'ipv6', proto: 'udp' }
  iptables:
-          chain: INPUT
-          ctstate:
-                  - NEW
-                  - ESTABLISHED
-                  - RELATED
-          destination_port: "53"
-          jump: ACCEPT
-          ip_version: '{{ item }}'
-          protocol: tcp
+        chain: INPUT
+        ctstate:
+                - NEW
+                - ESTABLISHED
+                - RELATED
+        destination_port: "53"
+        jump: ACCEPT
+        ip_version: '{{ item.ipv }}'
+        protocol: '{{ item.proto }}'
  notify:
-          - Save netfilter rules
-  tags:
-        - update
-        - firewall
- name: Allow Unbound UDP through iptables
-  loop:
-          - ipv4
-          - ipv6
-  iptables:
-          chain: INPUT
-          ctstate:
-                  - NEW
-                  - ESTABLISHED
-                  - RELATED
-          destination_port: "53"
-          jump: ACCEPT
-          ip_version: '{{ item }}'
-          protocol: udp
-  notify:
-          - Save netfilter rules
+        - Save netfilter rules
  tags:
        - update
        - firewall