Infra_mgmt/roles/wireguard/tasks/firewall.yml

# Ensure the iptables tooling and the iptables-persistent package are
# installed. iptables-persistent is the package that reloads a saved ruleset
# at boot, so rules written to /etc/iptables survive a restart.
- name: Install iptables-persistent
  ansible.builtin.apt:
    state: present
    name:
      - iptables
      - iptables-persistent
# Drop packets forwarded from the WireGuard interface out through the other
# interface. Scope of this rule, for anyone relying on it as an isolation
# control:
#   - one direction only (wireguard_interface -> other_interface);
#   - IPv4 only (the module's default ip_version); nothing here touches
#     ip6tables;
#   - the module appends by default, so an ACCEPT rule already present
#     earlier in FORWARD still matches first. Check the final rule order on
#     the host.
- name: Filter FORWARD packets
  ansible.builtin.iptables:
    chain: FORWARD
    in_interface: "{{ wireguard_interface }}"
    out_interface: "{{ other_interface }}"
    jump: DROP
  # Both conditions must hold: filtering is requested and an outbound
  # interface name has been provided.
  when:
    - filter_forward | bool
    - other_interface | length > 0
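# Enable IPv4 forwarding in the kernel: the value is written to the sysctl
# file, applied to the running kernel (sysctl_set) and the file is reloaded.
# The module is referenced by its fully qualified name, like the other tasks
# in this file; the short name `sysctl` resolves to the same module.
# NOTE(review): this task has no `when`, so forwarding is turned on even when
# the FORWARD DROP rule in this file is skipped (filter_forward false or
# other_interface empty). Confirm the host's FORWARD policy covers that case.
- name: Setup ipv4 IP forward
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    # Quoted so the value stays a string instead of being typed as an int.
    value: '1'
    sysctl_set: true
    reload: true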
# Write the currently loaded IPv4 ruleset to the file iptables-persistent
# restores at boot. The module dumps whatever is active at that moment, so
# rules inserted by other tools on the host are captured as well; review the
# saved file if that matters. No IPv6 ruleset is saved here.
- name: Save current firewall state
  community.general.iptables_state:
    path: /etc/iptables/rules.v4
    state: saved
  # Same gate as the FORWARD filter task: nothing is saved unless the filter
  # was requested and an outbound interface is set.
  when:
    - filter_forward | bool
    - other_interface | length > 0