router/tasks/routing.yaml


---
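# install iptables
# Ensures the iptables package is present via apk; the index is refreshed
# first so a stale cache does not pin an old package version.
# (Fixes the "ptables" typo in the task name.)
- name: "routing - install iptables"
  community.general.apk:
    name:
      - "iptables"
    state: "present"
    update_cache: true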
# enable ipv4 forwarding
# Persists net.ipv4.conf.all.forwarding=1 in /etc/sysctl.conf so the host
# routes between interfaces.
# NOTE(review): reload is false and sysctl_set is not given, so this task
# only writes the file; the running kernel picks the value up at the next
# sysctl reload/boot unless something outside this file applies it — confirm.
- name: "routing - configure ipv4 forwarding"
  ansible.posix.sysctl:
    sysctl_file: "/etc/sysctl.conf"
    name: "net.ipv4.conf.all.forwarding"
    value: "1"
    state: "present"
    reload: false
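# disable ipv4 redirects and source routing
# Persists the anti-redirect / anti-source-routing sysctls in /etc/sysctl.conf.
# For send_redirects the kernel combines conf/all with the per-interface value
# (enabled if either is 1), so conf/all alone does not switch it off on
# interfaces that inherited conf/default/send_redirects=1; the default.*
# entries below close that gap and also cover interfaces created later.
# NOTE(review): reload is false and sysctl_set is not given, so nothing here
# is applied to the running kernel by this task — confirm something else does.
- name: "routing - disable ipv4 redirects and source routing"
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: "present"
    sysctl_file: "/etc/sysctl.conf"
    reload: false
  loop:
    - name: "net.ipv4.conf.all.accept_redirects"
      value: "0"
    - name: "net.ipv4.conf.default.accept_redirects"
      value: "0"
    - name: "net.ipv4.conf.all.send_redirects"
      value: "0"
    - name: "net.ipv4.conf.default.send_redirects"
      value: "0"
    - name: "net.ipv4.conf.all.accept_source_route"
      value: "0"
    - name: "net.ipv4.conf.default.accept_source_route"
      value: "0"
    # NOTE(review): 0 turns off kernel logging of packets with impossible
    # source addresses (martians); 1 is the usual hardening value and is
    # useful for detection on a forwarding host — confirm the quiet setting
    # is intended.
    - name: "net.ipv4.conf.all.log_martians"
      value: "0"
  loop_control:
    label: "{{ item.name }}"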
# configure static routes
# Renders one down/up `ip route` pair per entry of `static_routes` into
# /etc/network/interfaces between blockinfile markers, so re-runs replace the
# block instead of appending; with an empty `static_routes` the block is
# removed (state: absent). Route fields used: name, destination, gateway,
# optional interface, optional metric.
# NOTE(review): `static_routes` and `lan_interface` must be defined or the
# templates fail; an empty list is fine.
# NOTE(review): blockinfile matches insertafter line by line, so a regex that
# spans "\n" is unlikely to match and the block would then land at the end of
# the file — confirm it ends up inside the intended iface stanza.
- name: "routing - static routes"
  ansible.builtin.blockinfile:
    path: "/etc/network/interfaces"
    # leading space presumably keeps the marker lines indented like the
    # stanza's option lines — verify against the rendered file
    marker: " # {mark} ANSIBLE MANAGED STATIC ROUTES"
    # The del/add pair is written twice only so the optional ` metric N`
    # suffix appears in one place. The route fields are pasted unquoted into
    # commands that ifup/ifdown execute, so they are expected to come from
    # trusted inventory only.
    block: |
      {% for route in static_routes %}
      # {{ route.name }}
      {% if route.metric is defined %}
      down ip route del {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }} metric {{ route.metric }}
      up ip route add {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }} metric {{ route.metric }}
      {% else %}
      down ip route del {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
      up ip route add {{ route.destination }} via {{ route.gateway }}{{ ' dev ' + route.interface if route.interface is defined else '' }}
      {% endif %}
      {% endfor %}
    insertafter: "^iface {{ lan_interface }} inet.*\\n(\\s+.*\\n)*\\s+netmask"
    state: "{{ 'present' if static_routes | length > 0 else 'absent' }}"
  # handler defined elsewhere in the role; presumably re-applies the routes
  notify: "apply routes"