forked from FF-RGB/ansible
Add IPv4 exit via NAT
This commit is contained in:
parent
b9efe6c8be
commit
c05c0cafcd
4
roles/exit-ipv4/handlers/main.yml
Normal file
4
roles/exit-ipv4/handlers/main.yml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Reload iptables
|
||||||
|
shell: iptables-restore < /etc/iptables/rules.v4
|
8
roles/exit-ipv4/tasks/main.yml
Normal file
8
roles/exit-ipv4/tasks/main.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Install iptables-persistent
|
||||||
|
apt: name=iptables-persistent state=present
|
||||||
|
|
||||||
|
- name: Configure iptables
|
||||||
|
template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
|
||||||
|
notify: Reload iptables
|
13
roles/exit-ipv4/templates/rules.v4.j2
Normal file
13
roles/exit-ipv4/templates/rules.v4.j2
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
# {{ ansible_managed }}
|
||||||
|
*nat
|
||||||
|
:PREROUTING ACCEPT [1:136]
|
||||||
|
:INPUT ACCEPT [1:136]
|
||||||
|
:OUTPUT ACCEPT [2:472]
|
||||||
|
:POSTROUTING ACCEPT [0:0]
|
||||||
|
-A POSTROUTING -o eth0 -j MASQUERADE
|
||||||
|
COMMIT
|
||||||
|
*filter
|
||||||
|
:INPUT ACCEPT [1124:131621]
|
||||||
|
:FORWARD ACCEPT [0:0]
|
||||||
|
:OUTPUT ACCEPT [1151:175226]
|
||||||
|
COMMIT
|
Loading…
Reference in New Issue
Block a user