home-server/roles/nftables_back/tasks/main.yml


---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018–2023 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
- name: DMZ firewall
  # Pull in the shared nftables role (its contents are not visible in this file);
  # allow_duplicates lets it run again even if an earlier play already included it.
  include_role:
    allow_duplicates: true
    name: 'nftables.inc'
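- name: enable IP forward
  # Drop-in sysctl fragment enabling packet forwarding for IPv4 and for IPv6
  # (default and all interfaces). Presumably this host routes between the DMZ and
  # the inner network — confirm against the nftables.inc role before relying on it.
  copy:
    content: |
      net.ipv4.ip_forward=1
      net.ipv6.conf.default.forwarding=1
      net.ipv6.conf.all.forwarding=1
    dest: /etc/sysctl.d/30-ipforward.conf
    # Quoted so YAML keeps the octal string instead of parsing 0600 as the
    # integer 384 (yamllint octal-values / ansible-lint risky-octal).
    mode: '0600'
  # Forwarding is only switched on in production; other environments keep the
  # kernel default.
  when: (env == 'prod')
  notify:
    - apply sysctl immediately  # handler defined outside this file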
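- name: enable kernel logging
  # Drop-in sysctl fragment setting nf_log_all_netns=1, so netfilter log
  # messages from every network namespace (not only the initial one) reach the
  # host's kernel log — useful for firewall audit trails; verify the kernel
  # version in use honours this sysctl.
  copy:
    content: |
      net.netfilter.nf_log_all_netns=1
    dest: /etc/sysctl.d/30-kernellog.conf
    # Quoted so YAML keeps the octal string instead of parsing 0600 as the
    # integer 384 (yamllint octal-values / ansible-lint risky-octal).
    mode: '0600'
  # Only applied in production, matching the IP-forward task above.
  when: (env == 'prod')
  notify:
    - apply sysctl immediately  # handler defined outside this file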
### LOCAL COMMIT ⇒ ###
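- name: commit local changes
  # Record the firewall/sysctl changes to /etc via the etckeeper role.
  # Module arguments are written as block YAML rather than a key=value string
  # (ansible-lint no-free-form), which keeps each value explicitly typed.
  include_role:
    name: etckeeper.inc
    allow_duplicates: true
    tasks_from: local.yml
  vars:
    msg: back firewall  # commit message passed to the role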
### ⇐ LOCAL COMMIT ###
- meta: flush_handlers