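---
# Routing tasks for an Alpine host (apk): install iptables, persist the
# ipv4 forwarding / ICMP-redirect / source-route sysctls, and render the
# static routes for the LAN interface into /etc/network/interfaces.
#
# Variables read here (defined elsewhere in the role/inventory):
#   lan_interface  - interface whose "iface ... inet" stanza receives the routes
#   static_routes  - list of {name, destination, gateway[, interface][, metric]}

# install iptables
- name: "routing - install iptables"
  community.general.apk:
    name:
      - "iptables"
    state: "present"
    update_cache: true

# enable ipv4 forwarding
# NOTE(review): reload is false and sysctl_set is left at its default, so this
# task only persists the key in /etc/sysctl.conf; the running kernel is not
# changed until the next reboot or an explicit `sysctl -p`. Presumably
# intended (a handler or reboot applies it later) -- confirm.
- name: "routing - configure ipv4 forwarding"
  ansible.posix.sysctl:
    name: "net.ipv4.conf.all.forwarding"
    value: "1"
    state: "present"
    sysctl_file: "/etc/sysctl.conf"
    reload: false

# disable ipv4 redirects and source routing
# Same persistence caveat as above: written to /etc/sysctl.conf only.
- name: "routing - disable ipv4 redirects and source routing"
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: "present"
    sysctl_file: "/etc/sysctl.conf"
    reload: false
  loop:
    - name: "net.ipv4.conf.all.accept_redirects"
      value: "0"
    # send_redirects is enabled on an interface if EITHER conf/all OR
    # conf/<if>/send_redirects is 1, so conf/all=0 alone does not disable
    # it on interfaces whose own flag is still 1. conf/default=0 makes
    # interfaces created after this runs start with it off; interfaces that
    # already exist keep their per-interface value (the role does not touch
    # those).
    - name: "net.ipv4.conf.all.send_redirects"
      value: "0"
    - name: "net.ipv4.conf.default.send_redirects"
      value: "0"
    - name: "net.ipv4.conf.all.accept_source_route"
      value: "0"
    # NOTE(review): this turns martian-packet logging OFF, which is the
    # opposite of the usual hardening recommendation (log_martians=1) and
    # removes a useful spoofing-detection signal. Kept as found; confirm it
    # is deliberate (e.g. to avoid log noise) rather than a typo for "1".
    - name: "net.ipv4.conf.all.log_martians"
      value: "0"

# configure static routes
# Renders one "down ip route del" / "up ip route add" pair per entry of
# static_routes into the LAN interface stanza; the block is removed when the
# list is empty. Route fields are interpolated verbatim into commands that
# ifupdown runs as root, so static_routes must come from trusted inventory.
# NOTE(review): blockinfile matches insertafter against the file one line at
# a time, so a pattern containing "\n" cannot match any single line; if that
# holds for the Ansible version in use, the block falls back to end-of-file
# insertion and the routes attach to whatever stanza is last in the file.
# A single-line pattern such as "^iface {{ lan_interface }} inet" (inserting
# directly after the iface line) would be unambiguous -- verify before
# changing, since the rendered file position is what ifupdown sees.
- name: "routing - static routes"
  ansible.builtin.blockinfile:
    path: "/etc/network/interfaces"
    marker: " # {mark} ANSIBLE MANAGED STATIC ROUTES"
    block: |
      {% for route in static_routes %}
      # {{ route.name }}
      {% if route.metric is defined %}
      down ip route del {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }} metric {{ route.metric }}
      up ip route add {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }} metric {{ route.metric }}
      {% else %}
      down ip route del {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
      up ip route add {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
      {% endif %}
      {% endfor %}
    insertafter: "^iface {{ lan_interface }} inet.*\\n(\\s+.*\\n)*\\s+netmask"
    state: "{{ 'present' if static_routes | length > 0 else 'absent' }}"
  notify: "apply routes"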