You've already forked custom-firewall
42 lines
972 B
YAML
42 lines
972 B
YAML
---
|
|
- name: Ipset package installation
|
|
apt:
|
|
name: "ipset"
|
|
state: present
|
|
update_cache: true
|
|
cache_valid_time: 86400
|
|
|
|
- name: Create ipset list
|
|
template:
|
|
src: ipset.j2
|
|
dest: "{{ whitelist_ipset_config_file }}"
|
|
become: true
|
|
register: ipset_list
|
|
|
|
- name: Apply ipset list
|
|
shell: "ipset restore -! < {{ whitelist_ipset_config_file }}"
|
|
when: ipset_list.changed
|
|
|
|
- name: custom.firewall-restore script
|
|
template:
|
|
src: custom.firewall-restore.j2
|
|
dest: "{{ whitelist_custom_firewall_restore_path }}"
|
|
mode: 0700
|
|
|
|
- name: systemd service
|
|
template:
|
|
src: custom-firewall.service.j2
|
|
dest: "{{ whitelist_custom_firewall_service_path }}"
|
|
register: firewall_service
|
|
|
|
- name: Systemd service enable
|
|
when: firewall_service.changed
|
|
systemd:
|
|
name: custom-firewall
|
|
enabled: yes
|
|
daemon_reload: yes
|
|
|
|
- name: Apply firewall rules
|
|
when: firewall_service.changed
|
|
shell: "{{ whitelist_custom_firewall_restore_path }}"
|