DOCKER-USER, ansible and iptables

yiorgos, Feb 22nd, 2019 (edited)
---
- name: maintain the DOCKER-USER access list
  hosts: zoonavigators
  vars:
    # source addresses allowed to reach the listed ports
    wl_hosts:
      - "172.31.0.1"
      - "172.31.0.2"
    # TCP ports the access list applies to
    wl_ports:
      - "7070"
      - "7071"
  tasks:

  - name: check for iptables-services
    yum:
      name: iptables-services
      state: latest

  - name: enable iptables-services
    service:
      name: iptables
      enabled: yes
      state: started

  # start from an empty chain so hosts/ports removed from the vars do not linger
  - name: flush DOCKER-USER
    iptables:
      chain: DOCKER-USER
      flush: true

  # one ACCEPT per (host, port) pair; only the first SYN of a new connection
  # needs to match, replies are never seen by these rules
  - name: whitelist for DOCKER-USER
    iptables:
      chain: DOCKER-USER
      protocol: tcp
      ctstate: NEW
      syn: match
      source: "{{ item[0] }}"
      destination_port: "{{ item[1] }}"
      jump: ACCEPT
    with_nested:
      - "{{ wl_hosts }}"
      - "{{ wl_ports }}"

  # appended after the ACCEPT rules, so it only catches sources that were not
  # whitelisted; the loop runs over the ports, not the hosts.
  # note: DOCKER-USER is traversed in the FORWARD path after DNAT, so
  # destination_port matches the container-side port, not necessarily the
  # published host port.
  - name: drop non whitelisted connections to DOCKER-USER
    iptables:
      chain: DOCKER-USER
      protocol: tcp
      #source: "0.0.0.0/0"
      destination_port: "{{ item }}"
      jump: DROP
    with_items: "{{ wl_ports }}"

  - name: save new iptables
    command: /usr/libexec/iptables/iptables.init save
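An added check, not part of the paste: this Python script parses the output of `iptables -S DOCKER-USER` and compares it with the rules the play should have produced from wl_hosts x wl_ports, reporting missing or unexpected rules and any port whose DROP sits before one of its ACCEPTs (which would shadow the whitelist). The sample chain output below is constructed by hand.

```python
from itertools import product

WL_HOSTS = ["172.31.0.1", "172.31.0.2"]
WL_PORTS = ["7070", "7071"]

# Constructed sample of `iptables -S DOCKER-USER` after the play has run:
# one ACCEPT per host/port pair, then one DROP per port.
SAMPLE = """\
-N DOCKER-USER
-A DOCKER-USER -s 172.31.0.1/32 -p tcp -m tcp --dport 7070 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
-A DOCKER-USER -s 172.31.0.1/32 -p tcp -m tcp --dport 7071 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
-A DOCKER-USER -s 172.31.0.2/32 -p tcp -m tcp --dport 7070 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
-A DOCKER-USER -s 172.31.0.2/32 -p tcp -m tcp --dport 7071 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT
-A DOCKER-USER -p tcp -m tcp --dport 7070 -j DROP
-A DOCKER-USER -p tcp -m tcp --dport 7071 -j DROP
"""


def parse_chain(output, chain="DOCKER-USER"):
    """Reduce each `-A <chain>` line to a (source, dport, target) tuple, in order."""
    rules = []
    for line in output.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", chain]:
            continue  # skips the "-N" line, blank lines and other chains
        src = dport = target = None
        for i, t in enumerate(tok):
            if t == "-s":
                src = tok[i + 1]
            elif t == "--dport":
                dport = tok[i + 1]
            elif t == "-j":
                target = tok[i + 1]
        rules.append((src, dport, target))
    return rules


def audit(output, hosts, ports):
    """Compare the live chain with the whitelist the play intends."""
    actual = parse_chain(output)
    wanted = {(f"{h}/32", p, "ACCEPT") for h, p in product(hosts, ports)}
    wanted |= {(None, p, "DROP") for p in ports}
    shadowed = []  # ports where a DROP is evaluated before one of its ACCEPTs
    for p in ports:
        drops = [i for i, r in enumerate(actual) if r == (None, p, "DROP")]
        accepts = [i for i, r in enumerate(actual) if r[1:] == (p, "ACCEPT")]
        if drops and accepts and min(drops) < max(accepts):
            shadowed.append(p)
    return {"missing": sorted(wanted - set(actual), key=str),
            "unexpected": sorted(set(actual) - wanted, key=str),
            "shadowed_ports": shadowed}


if __name__ == "__main__":
    print(audit(SAMPLE, WL_HOSTS, WL_PORTS))
```

On a real host, pipe `iptables -S DOCKER-USER` into `audit` in place of SAMPLE; an empty report means the chain matches the vars.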