mirror of
https://github.com/de-it-krachten/ansible-role-iptables
synced 2026-05-14 11:51:42 +00:00
ansible-role-iptables
Sets up iptables and applies a default rule set.
For RedHat/CentOS, it will disable firewalld.
On Alpine, it depends on the presence of OpenRC.
Dependencies
Roles
None
Collections
None
Platforms
Supported platforms
- Red Hat Enterprise Linux 8<sup>1</sup>
- Red Hat Enterprise Linux 9<sup>1</sup>
- Red Hat Enterprise Linux 10<sup>1</sup>
- RockyLinux 8
- RockyLinux 9
- RockyLinux 10
- OracleLinux 8
- OracleLinux 9
- OracleLinux 10
- AlmaLinux 8
- AlmaLinux 9
- AlmaLinux 10
- Debian 11 (Bullseye)
- Debian 12 (Bookworm)
- Debian 13 (Trixie)
- Ubuntu 20.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 24.04 LTS
- Fedora 42
- Fedora 43
- Alpine 3
Note: <sup>1</sup> : no automated testing is performed on these platforms
Role Variables
defaults/main.yml
```yaml
# Set up iptables from template
iptables_setup: true

# Set up iptables in a persistent manner
iptables_persistent: true

# Flush active rules before applying default set
iptables_flush: false

# Allow server to be pinged
iptables_allow_icmp: true

# Allow loopback traffic to bypass iptables
iptables_allow_loopback: true

# Default access
iptables_chains:
  - { name: OUTPUT, policy: ACCEPT }
  - { name: INPUT, policy: DROP }
  - { name: FORWARD, policy: DROP }

# Default ports to be opened
iptables_incoming_rules:
  - { port: 22, proto: tcp }
```
defaults/family-Alpine.yml
```yaml
# List of packages to install
iptables_packages:
  - iptables
  - iptables-openrc

# name of the iptables service
iptables_service: iptables

# File to write rules to/from
iptables_state: /etc/iptables/rules-save
```
defaults/family-Debian.yml
```yaml
# List of packages to install
iptables_packages:
  - iptables
  - iptables-persistent

# name of the iptables service
iptables_service: netfilter-persistent

# File to write rules to/from
iptables_state: /etc/iptables/rules.v4
```
defaults/family-RedHat.yml
```yaml
# List of packages to install
iptables_packages:
  - iptables
  - iptables-services

# name of the iptables service
iptables_service: iptables

# File to write rules to/from
iptables_state: /etc/sysconfig/iptables
```
Example Playbook
molecule/default/converge.yml
```yaml
- name: sample playbook for role 'iptables'
  hosts: all
  become: 'yes'
  tasks:
    - name: Include role 'iptables'
      ansible.builtin.include_role:
        name: iptables
```
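
The playbook below is an added example, not part of the repository. It overrides the variables documented in defaults/main.yml to open an extra port while keeping the default-deny policies, then reads the active policies back. The `webservers` group and the verification tasks are assumptions made for illustration.

```yaml
- name: Apply role 'iptables' with an explicit inbound allow-list
  hosts: webservers            # hypothetical inventory group
  become: true
  tasks:
    - name: Include role 'iptables'
      ansible.builtin.include_role:
        name: iptables
      vars:
        # Same default-deny policies as defaults/main.yml, stated explicitly
        iptables_chains:
          - { name: OUTPUT, policy: ACCEPT }
          - { name: INPUT, policy: DROP }
          - { name: FORWARD, policy: DROP }
        # Ansible replaces list variables rather than merging them, so the
        # default SSH entry must be repeated or port 22 is no longer listed
        iptables_incoming_rules:
          - { port: 22, proto: tcp }
          - { port: 443, proto: tcp }
        # Do not answer pings on this host
        iptables_allow_icmp: false

    # Verification tasks (added for this example, not provided by the role)
    - name: Read back the active rule set
      ansible.builtin.command: iptables -S
      register: active_rules
      changed_when: false

    - name: Fail if INPUT or FORWARD is not default-deny
      ansible.builtin.assert:
        that:
          - "'-P INPUT DROP' in active_rules.stdout"
          - "'-P FORWARD DROP' in active_rules.stdout"
        fail_msg: "Chain policy is not DROP after applying the role"
```

With an INPUT policy of DROP, leaving port 22 out of `iptables_incoming_rules` removes it from the allow-list Ansible itself connects through, so keep that entry unless another management path exists.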