Add iptables rules and run install check conditionally

2020-04-08 03:31:07 +02:00 · 2020-04-08 03:31:07 +02:00 · fbc0c98fe3
parent c5b26678d6
commit fbc0c98fe3
2 changed files with 38 additions and 0 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -20,3 +20,8 @@
  notify:
        - Enable unbound
        - Set unbound as default dns
+- name: Save netfilter rules
+  command:
+        argv:
+                - '/usr/sbin/netfilter-persitent'
+                - 'save'
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -12,3 +12,36 @@
        state: present
        cache_valid_time: 3600
  notify: Disable systemd-resolved
+  when: unbound|bool == true
+- name: Allow Unbound TCP through iptables
+  loop:
+          - ipv4
+          - ipv6
+  iptables:
+          chain: INPUT
+          ctstate:
+                  - NEW
+                  - ESTABLISHED
+                  - RELATED
+          destination_port: "53"
+          jump: ACCEPT
+          ip_version: '{{ item }}'
+          protocol: tcp
+  notify:
+          - Save netfilter rules
+- name: Allow Unbound UDP through iptables
+  loop:
+          - ipv4
+          - ipv6
+  iptables:
+          chain: INPUT
+          ctstate:
+                  - NEW
+                  - ESTABLISHED
+                  - RELATED
+          destination_port: "53"
+          jump: ACCEPT
+          ip_version: '{{ item }}'
+          protocol: udp
+  notify:
+          - Save netfilter rules