Added iptables rules and enable service

2024-02-19 08:57:11 -06:00 · 2024-02-19 08:57:11 -06:00 · c6d2270cfa
commit c6d2270cfa
parent ec0614a9a9
2 changed files with 41 additions and 0 deletions
--- a/roles/config/files/iptables
+++ b/roles/config/files/iptables
@ -0,0 +1,24 @@
+# sample configuration for iptables service
+# you can edit this manually or use system-config-firewall
+# please do not ask us to add additional ports/services to this default configuration
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+#-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+#-A INPUT -p icmp -j ACCEPT
+#-A INPUT -i lo -j ACCEPT
+#-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+#-A INPUT -j REJECT --reject-with icmp-host-prohibited
+#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+# NAT Section
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A PREROUTING --src 0/0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
+-A PREROUTING --src 0/0 -p tcp --dport 443 -j REDIRECT --to-ports 8443
+-A OUTPUT --src 0/0 --dst 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 8080
+-A OUTPUT --src 0/0 --dst 127.0.0.1 -p tcp --dport 443 -j REDIRECT --to-ports 8443
+COMMIT
--- a/roles/config/tasks/main.yml
+++ b/roles/config/tasks/main.yml
@ -26,6 +26,23 @@
  when: variant.stdout=="iot"
  tags: config

+- name: Setup port iptables 80 / 443 redirection to 8080 / 8443 caddy
+  become: true
+  become_method: sudo
+  ansible.builtin.copy:
+    src: iptables
+    dest: /etc/sysconfig/iptables
+  tags: config
+
+- name: Enable iptables service
+  become: true
+  become_method: sudo
+  ansible.builtin.systemd_service:
+    name: iptables
+    state: started
+    enabled: true
+  tags: config
+
 - name: Enable Cockpit Service
  become: true
  become_method: sudo