diff options
Diffstat (limited to 'roles/os_firewall/tasks/firewall/iptables.yml')
-rw-r--r-- | roles/os_firewall/tasks/firewall/iptables.yml | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml deleted file mode 100644 index 55f2fc471..000000000 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- - -- name: Ensure firewalld service is not enabled - systemd: - name: firewalld - state: stopped - enabled: no - masked: yes - register: task_result - failed_when: task_result|failed and 'could not' not in task_result.msg|lower - -- name: Wait 10 seconds after disabling firewalld - pause: - seconds: 10 - when: task_result | changed - -- name: Install iptables packages - package: name={{ item }} state=present - with_items: - - iptables - - iptables-services - when: not openshift.common.is_atomic | bool - -- name: Start and enable iptables service - systemd: - name: iptables - state: started - enabled: yes - masked: no - daemon_reload: yes - register: result - -- name: need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail - pause: seconds=10 - when: result | changed - -- name: Add iptables allow rules - os_firewall_manage_iptables: - name: "{{ item.service }}" - action: add - protocol: "{{ item.port.split('/')[1] }}" - port: "{{ item.port.split('/')[0] }}" - with_items: "{{ os_firewall_allow }}" - -- name: Remove iptables rules - os_firewall_manage_iptables: - name: "{{ item.service }}" - action: remove - protocol: "{{ item.port.split('/')[1] }}" - port: "{{ item.port.split('/')[0] }}" - with_items: "{{ os_firewall_deny }}" |