# Install the iptables userland plus iptables-persistent. A later task in this
# file saves the ruleset to /etc/iptables/rules.v4, the location the
# persistence package is expected to restore from at boot.
- name: Install iptables-persistent
  ansible.builtin.apt:
    state: present
    name:
      - iptables
      - iptables-persistent
# Drop packets that arrive on the WireGuard interface and would be forwarded
# out of other_interface. The rule is managed only when filter_forward is
# truthy and other_interface is non-empty.
# NOTE(review): no `action` is given, so the module default (append) applies.
# A DROP appended behind an existing ACCEPT in FORWARD never matches - confirm
# the rule order of the chain on the target hosts.
# NOTE(review): `ip_version` is not set, so only the IPv4 table is touched.
- name: Filter FORWARD packets
  ansible.builtin.iptables:
    in_interface: "{{ wireguard_interface }}"
    out_interface: "{{ other_interface }}"
    chain: FORWARD
    jump: DROP
  when:
    - filter_forward | bool
    - other_interface | length > 0
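# Enable IPv4 routing in the kernel so the host forwards packets between
# interfaces.
# The module is addressed by its fully qualified collection name, matching the
# other tasks in this file; the short name `sysctl` resolves to the same
# module.
# NOTE(review): this task has no `when`, so forwarding is switched on even
# when the "Filter FORWARD packets" task is skipped. In that case what gets
# routed depends entirely on the existing FORWARD chain and its policy -
# confirm that is intended.
- name: Setup ipv4 IP forward
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    # Quoted so the value is passed as the string '1', not a YAML integer.
    value: '1'
    # Apply the value to the running kernel as well as the sysctl file.
    sysctl_set: true
    # Reload the sysctl file when this task changes it.
    reload: true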
# Persist the currently loaded IPv4 ruleset to /etc/iptables/rules.v4. The
# task runs under the same condition as the FORWARD filter task, so nothing is
# written when that rule is not managed.
# NOTE(review): `state: saved` writes out the ruleset as it is loaded at that
# moment, presumably including rules added by other tools - verify that no
# transient rules get persisted on the target hosts.
# NOTE(review): only rules.v4 is written; IPv6 rules are not saved here.
- name: Save current firewall state
  community.general.iptables_state:
    path: /etc/iptables/rules.v4
    state: saved
  when:
    - filter_forward | bool
    - other_interface | length > 0