feat: use union to unify the firewall creation rule
parent
891ca42a79
commit
3cc6801c80
1 changed files with 4 additions and 17 deletions
|
|
@ -9,8 +9,7 @@
|
|||
- name: "set vars"
|
||||
ansible.builtin.set_fact:
|
||||
__firewall_enable: "{{ firewall_enable }}"
|
||||
__firewall_basic_rules: "{{ firewall_basic_rules }}"
|
||||
__firewall_host_rules: "{{ firewall_host_rules }}"
|
||||
__firewall_all_rules: "{{ firewall_basic_rules | union(firewall_host_rules)}}"
|
||||
|
||||
# manage firewall for debian
|
||||
- name: "firewall - debian family"
|
||||
|
|
@ -54,26 +53,14 @@
|
|||
policy: "deny"
|
||||
logging: "on"
|
||||
|
||||
# basic firewall rules
|
||||
- name: "firewall - add basic rules"
|
||||
# firewall rules
|
||||
- name: "firewall - add rules"
|
||||
community.general.ufw:
|
||||
rule: "allow"
|
||||
direction: "in"
|
||||
proto: "{{ item.proto | default('tcp') }}"
|
||||
from_ip: "{{ item.from_ip }}"
|
||||
to_port: "{{ item.to_port }}"
|
||||
loop: "{{ __firewall_basic_rules }}"
|
||||
loop_control:
|
||||
label: " {{ item.name }}"
|
||||
|
||||
# host firewall rules
|
||||
- name: "firewall - add host rules"
|
||||
community.general.ufw:
|
||||
rule: "allow"
|
||||
direction: "in"
|
||||
proto: "{{ item.proto | default('tcp') }}"
|
||||
from_ip: "{{ item.from_ip }}"
|
||||
to_port: "{{ item.to_port }}"
|
||||
loop: "{{ __firewall_host_rules }}"
|
||||
loop: "{{ __firewall_all_rules }}"
|
||||
loop_control:
|
||||
label: " {{ item.name }}"
|
||||
|
|
|
|||
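Review bot: The merged `firewall - add rules` task only ever adds `allow` entries, so a rule dropped from `firewall_basic_rules` or `firewall_host_rules` stays open on hosts that were already configured. Nothing in the visible hunks deletes or resets rules, though the lines between the two hunks are not shown and may handle this. I would at least document it above the task, e.g. `# NOTE: entries removed from the rule lists are not removed from ufw; delete them explicitly (delete: true)`. The `+`/`-` markers are lost on this page, but the `__firewall_basic_rules` and `__firewall_host_rules` facts appear to be dropped in favour of `__firewall_all_rules`, so any other task in the role that still loops over them would now fail on an undefined variable. As a style point, the new expression is missing the space before the closing braces: `"{{ firewall_basic_rules | union(firewall_host_rules) }}"`.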