geerlingguy / ansible-role-firewall

Ansible Role - iptables Firewall configuration.
https://galaxy.ansible.com/geerlingguy/firewall/
MIT License

Adding the ability to pass a list or a list of lists in firewall_additional_rules and firewall_ip6_additional_rules #63

Closed gabops closed 4 years ago

gabops commented 5 years ago

At the moment "firewall_additional_rules" and "firewall_ip6_additional_rules" only allow a single list. This does not allow passing custom rules from the several group vars a host can belong to. With this change we can do the following (extracted from the README):

... For example in groups_vars/all.yml we can have:

    firewall_additional_rules_all:
      - "iptables -A INPUT -s 123.123.123.123/32 -j ACCEPT -m comment --comment 'Office'"

and then from the other group vars:

    firewall_additional_rules_databases:
      - "iptables -A INPUT -s 111.111.111.111/32 -j ACCEPT -m comment --comment 'Webservers'"

and finally from a hypothetical playbook for provisioning a database node we would have something like:

    firewall_additional_rules:
      - "{{ firewall_additional_rules_all }}"
      - "{{ firewall_additional_rules_databases }}"

As you can see, this gives the possibility of setting custom iptables rules from different levels.


...
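The merging behaviour this PR asks for, written out as an added example in plain Python (it is not the PR's diff and not the role's own code). The `flatten_rules` function accepts what the PR describes: a flat list of rule strings, a list of lists, or a mix of both, and flattens exactly one level while keeping the first-seen order, since iptables evaluates rules first-match. The `check_rule` function is an extra sanity check of my own and assumes, as the role's README implies, that each string ends up being run as a shell command; under that assumption it flags the kind of defect visible in the original PR text (an unbalanced trailing `"` and a missing `-` on `-A`) before anything reaches the host. The `firewall_additional_rules_*` values are constructed to mirror the group_vars in the PR description.

```python
"""Added example: merge and sanity-check firewall rule lists that come from
several group_vars levels (a flat list, a list of lists, or a mix of both).
This is illustrative code, not the role's implementation."""
import shlex
from typing import Iterable, List, Tuple, Union

RuleInput = Union[str, List[str]]

# Characters that would change the meaning of a rule if the string is run
# through a shell (assumption: the role executes each rule as a command).
SHELL_META = set(";|&`$<>\n")


def flatten_rules(additional_rules: Iterable[RuleInput]) -> List[str]:
    """Flatten one level of nesting, preserving order and dropping exact
    duplicates (a host in several groups can receive the same rule twice)."""
    seen = set()
    merged: List[str] = []
    for entry in additional_rules:
        items = entry if isinstance(entry, list) else [entry]
        for rule in items:
            if not isinstance(rule, str):
                raise TypeError(
                    f"firewall rule must be a string, got {type(rule).__name__}: {rule!r}"
                )
            rule = rule.strip()
            if rule in seen:
                continue
            seen.add(rule)
            merged.append(rule)
    return merged


def check_rule(rule: str, expected_binary: str = "iptables") -> List[str]:
    """Return a list of problems found in one rule string (empty if it looks sane)."""
    problems: List[str] = []
    try:
        tokens = shlex.split(rule)  # raises ValueError on an unbalanced quote
    except ValueError as exc:
        return [f"unparseable rule ({exc}): {rule!r}"]
    if not tokens or tokens[0] != expected_binary:
        problems.append(f"rule must start with {expected_binary!r}: {rule!r}")
    chain_ops = {"-A", "--append", "-I", "--insert", "-D", "--delete"}
    if not any(tok in chain_ops for tok in tokens):
        problems.append(f"rule has no -A/-I/-D chain operation: {rule!r}")
    if "-j" not in tokens and "--jump" not in tokens:
        problems.append(f"rule has no -j target: {rule!r}")
    meta = SHELL_META.intersection(rule)
    if meta:
        problems.append(f"rule contains shell metacharacters {sorted(meta)}: {rule!r}")
    return problems


def merge_and_validate(
    sources: Iterable[RuleInput], expected_binary: str = "iptables"
) -> Tuple[List[str], List[str]]:
    """Flatten all sources, then return (merged_rules, all_problems)."""
    merged = flatten_rules(sources)
    problems: List[str] = []
    for rule in merged:
        problems.extend(check_rule(rule, expected_binary))
    return merged, problems


# Constructed sample values, mirroring the group_vars shown in the PR text.
firewall_additional_rules_all = [
    "iptables -A INPUT -s 123.123.123.123/32 -j ACCEPT -m comment --comment 'Office'",
]
firewall_additional_rules_databases = [
    "iptables -A INPUT -s 111.111.111.111/32 -j ACCEPT -m comment --comment 'Webservers'",
]
# What the playbook-level variable looks like after the PR: a list of lists.
firewall_additional_rules = [
    firewall_additional_rules_all,
    firewall_additional_rules_databases,
]

if __name__ == "__main__":
    rules, issues = merge_and_validate(firewall_additional_rules)
    for rule in rules:
        print(rule)
    for issue in issues:
        print("PROBLEM:", issue)
```

In Ansible itself the same one-level merge is what the `flatten` filter does with `levels=1` (for example `"{{ firewall_additional_rules | flatten(levels=1) }}"`); the Python version above just makes the ordering and duplicate handling explicit and adds the per-rule check.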