At the moment "firewall_additional_rules" and "firewall_ip6_additional_rules" only allow a single list. This does not allow passing custom rules from several group vars the host can belong to. With this change we can do the following, extracted from the README:
...
For example in groups_vars/all.yml we can have:
and then from the other group vars:
and finally from a hypothetical playbook for provisioning a database node we would have something like:
As you can see, this gives the possibility of setting custom iptables rules from different levels.