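---
# Role tasks: install iptables-persistent, enable IPv4 forwarding, make sure
# connection tracking is loaded and sized, and deploy the persistent
# iptables/ip6tables rule files. The "Reload iptables" / "Reload ip6tables"
# handlers are defined elsewhere in the role.
#
# Module arguments use native block YAML instead of key=value strings so that
# quoting, Jinja expressions and per-argument comments are unambiguous.

- name: Install iptables-persistent
  apt:
    name: iptables-persistent
    state: present

# NOTE(review): forwarding is switched on here, but the rule files below are
# only applied when the notified handlers run at the end of the play, so the
# host forwards under whatever ruleset is currently loaded until then.
- name: Enable IPv4 routing (globally)
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present

- name: Enable IPv4 routing (primary interface)
  sysctl:
    # Jinja expression quoted so the rendered key is always a plain string.
    name: "net.ipv4.conf.{{ ansible_default_ipv4.interface }}.forwarding"
    value: "1"
    state: present

- name: Load nf_conntrack module
  modprobe:
    name: nf_conntrack
    state: present

- name: Enable nf_conntrack during boot
  lineinfile:
    path: /etc/modules
    line: nf_conntrack

# net.netfilter.nf_conntrack_max only exists once nf_conntrack is loaded,
# so this task must stay after "Load nf_conntrack module".
- name: Increase conntrack limit
  sysctl:
    name: net.netfilter.nf_conntrack_max
    value: "{{ conntrack_max }}"
    state: present

- name: Configure iptables
  template:
    src: rules.v4.j2
    dest: /etc/iptables/rules.v4
    # Parse the rendered ruleset before it replaces the file on disk; a
    # malformed template would otherwise only surface when the handler
    # reloads the rules.
    validate: "iptables-restore --test %s"
  notify: Reload iptables

- name: Configure ip6tables
  template:
    src: rules.v6.j2
    dest: /etc/iptables/rules.v6
    validate: "ip6tables-restore --test %s"
  notify: Reload ip6tables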