Ansible | Allowing established connections with the iptables module

Using the Ansible iptables module to allow traffic that belongs to already established connections.

Specification

Allow packets that belong to an already established connection (conntrack state ESTABLISHED), together with RELATED packets that conntrack associates with such a connection (for example ICMP errors or the data channel of an FTP session).

Configuration

playbook.yml

- hosts: proxyservers
  become: true
  tasks:
    # The iptables module shells out to the iptables binary, so make sure it is installed first.
    - name: Install iptables
      apt:
        name: iptables
        state: present

    # Appends an ACCEPT rule to INPUT for conntrack states ESTABLISHED and RELATED.
    # "become: true" at play level already applies to this task, so it is not repeated here.
    - name: Allow related and established connections
      iptables:
        chain: INPUT
        ctstate: ESTABLISHED,RELATED
        jump: ACCEPT
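The playbook above appends a single ACCEPT rule to an INPUT chain whose default policy is still ACCEPT (as the verification output on this page shows), so on its own it restricts nothing, and the rule lives only in the running kernel tables until the next reboot. The following playbook is an added example, not code from the original page, showing the form a practitioner would usually want: the ESTABLISHED,RELATED rule plus the loopback and SSH exceptions it needs, then a DROP default policy, then persistence. The host group `proxyservers` is taken from the page; SSH on port 22, the `iptables-persistent` package and the `/etc/iptables/rules.v4` path are assumptions that match Debian/Ubuntu defaults.

```yaml
# Added example (not from the original page). Assumptions: Debian/Ubuntu host,
# SSH on tcp/22, iptables-persistent available, community.general collection installed.
- hosts: proxyservers
  become: true
  tasks:
    - name: Install iptables and the persistence package
      apt:
        name:
          - iptables
          - iptables-persistent   # provides netfilter-persistent, which loads /etc/iptables/rules.v4 at boot
        state: present
        update_cache: true

    # Order matters: every ACCEPT rule must be in place before the policy flips to DROP,
    # otherwise the SSH session Ansible is using would be cut off.
    - name: Allow loopback traffic
      iptables:
        chain: INPUT
        in_interface: lo
        jump: ACCEPT

    - name: Allow related and established connections
      iptables:
        chain: INPUT
        ctstate: ESTABLISHED,RELATED
        jump: ACCEPT

    - name: Allow new inbound SSH connections (assumed port 22)
      iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "22"
        ctstate: NEW
        jump: ACCEPT

    # With the policy set to DROP, the ESTABLISHED,RELATED rule is what keeps
    # return traffic for outbound connections flowing.
    - name: Drop everything else arriving on INPUT
      iptables:
        chain: INPUT
        policy: DROP

    # The iptables module only changes the running kernel tables; save them so
    # netfilter-persistent restores the same ruleset after a reboot.
    - name: Persist the ruleset across reboots
      community.general.iptables_state:
        state: saved
        path: /etc/iptables/rules.v4
```

The `iptables` module checks for an existing identical rule (`iptables -C`) before appending, so the playbook is idempotent and can be re-run. The `community.general.iptables_state` module is not part of ansible-core; install it with `ansible-galaxy collection install community.general` before running the playbook.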

Run

`-k` prompts for the SSH password and `-K` for the become (sudo) password; the hosts file lists 192.168.0.80 under the proxyservers group.

# ansible-playbook -i hosts playbook.yml -k -K
SSH password:
BECOME password[defaults to SSH password]:

PLAY [proxyservers] *************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
ok: [192.168.0.80]

TASK [apt] **********************************************************************************************************
ok: [192.168.0.80]

TASK [Allow related and established connections] ********************************************************************
changed: [192.168.0.80]

PLAY RECAP **********************************************************************************************************
192.168.0.80 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Verification

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

The rule has been added to the INPUT chain. Note that the chain's default policy is still ACCEPT, so at this point the rule has no practical effect: it only starts to matter once the INPUT policy is set to DROP (or a DROP/REJECT rule follows it), at which point it is what lets return traffic for connections the host opened come back in. Also note that the iptables module changes only the running kernel tables; the rule disappears on reboot unless it is saved (for example with iptables-save and netfilter-persistent). When checking, `iptables -L -n -v --line-numbers` avoids the reverse DNS lookups behind "anywhere", shows packet counters, and shows the rule positions that matter once a DROP rule is added.