unefined

Ansible

Oct 16th, 2021
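#!/bin/sh
# IPv4 firewall and NAT rules for an OpenVPN gateway.
# This file is an Ansible (Jinja2) template; the {{ ... }} expressions are
# rendered before the shell ever sees the script.
#
# Template variables read:
#   openvpn_internal - split on a single space into "<network> <netmask>"
#                      (presumably the OpenVPN server subnet; confirm in role vars)
#   openvpn_port     - UDP port accepted on the external interface
#   hostvars[inventory_hostname].ansible_default_ipv4.alias
#                    - external interface name taken from gathered facts
#
# NOTE(review): only iptables (IPv4) is configured. If the host has IPv6
# connectivity, ip6tables needs an equivalent policy or the host stays open
# over IPv6.
# NOTE(review): every rule is added with -I/-A, so re-running this script
# stacks duplicate rules; flush or check (-C) first if it is not run exactly
# once per boot.

# Stop at the first failing command. Without this, a failed ACCEPT rule
# followed by a successful "--policy INPUT DROP" can lock out SSH.
set -eu

ext_if="{{ hostvars[inventory_hostname].ansible_default_ipv4.alias }}"
vpn_if="tun0"
# iptables has no "netmask" keyword; a source is written as address/mask,
# where mask may be a dotted netmask or a prefix length.
vpn_net='{{ openvpn_internal.split(" ")[0] }}/{{ openvpn_internal.split(" ")[1] }}'
vpn_port="{{ openvpn_port }}"

# Source-NAT VPN client traffic leaving through the external interface.
iptables -t nat -I POSTROUTING 1 -s "$vpn_net" -o "$ext_if" -j MASQUERADE

# NOTE(review): this lets VPN clients reach every service listening on the
# gateway itself. Narrow it to the ports clients actually need (e.g. DNS) if
# the clients are not fully trusted.
iptables -I INPUT 1 -i "$vpn_if" -j ACCEPT

# Return traffic only: new connections from the external side towards VPN
# clients are not accepted, replies to client-initiated flows are.
iptables -I FORWARD 1 -i "$ext_if" -o "$vpn_if" \
  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# VPN clients may open connections out through the external interface.
iptables -I FORWARD 1 -i "$vpn_if" -o "$ext_if" -j ACCEPT
# The OpenVPN listener itself.
iptables -I INPUT 1 -i "$ext_if" -p udp --dport "$vpn_port" -j ACCEPT

# NOTE(review): SSH is reachable from any source address. Restrict -s to a
# management range, or serve SSH only over the VPN interface, if possible.
iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 22 -j ACCEPT
# NOTE(review): keep port 80 open only if this host really serves HTTP.
iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 80 -j ACCEPT

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Loopback must be accepted explicitly once the INPUT policy is DROP,
# otherwise local services talking over 127.0.0.1 break.
iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -p icmp -j ACCEPT
# Block client-to-client traffic routed through the tunnel interface.
iptables -A FORWARD -i "$vpn_if" -o "$vpn_if" -j DROP
# Default-deny for everything not accepted above. Set last so the ACCEPT
# rules are already in place when the policy flips.
# NOTE(review): the FORWARD policy is left untouched; set it to DROP as well
# if this host should forward nothing but VPN traffic.
iptables --policy INPUT DROP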