
DOCKER-USER, ansible and iptables

  1. ---
  2. - name: maintain the DOCKER-USER access list
  3. hosts: zoonavigators
  4. vars:
  5. - wl_hosts:
  6. - "172.31.0.1"
  7. - "172.31.0.2"
  8. - wl_ports:
  9. - "7070"
  10. - "7071"
  11. tasks:
  12.  
  13. - name: check for iptables-services
  14. yum:
  15. name: iptables-services
  16. state: latest
  17.  
  18. - name: enable iptables-services
  19. service:
  20. name: iptables
  21. enabled: yes
  22. state: started
  23.  
  24. - name: flush DOCKER-USER
  25. iptables:
  26. chain: DOCKER-USER
  27. flush: true
  28.  
  29. - name: whitelist for DOCKER-USER
  30. iptables:
  31. chain: DOCKER-USER
  32. protocol: tcp
  33. ctstate: NEW
  34. syn: match
  35. source: "{{ item[0] }}"
  36. destination_port: "{{ item[1] }}"
  37. jump: ACCEPT
  38. with_nested:
  39. - "{{ wl_hosts }}"
  40. - "{{ wl_ports }}"
  41.  
  42. - name: drop non whitelisted connections to DOCKER-USER
  43. iptables:
  44. chain: DOCKER-USER
  45. protocol: tcp
  46. #source: "0.0.0.0/0"
  47. destination_port: "{{ item }}"
  48. jump: DROP
  49. with_items:
  50. - "{{ wl_hosts }}"
  51.  
  52. - name: save new iptables
  53. command:
  54. /usr/libexec/iptables/iptables.init save