I'm starting to use Ansible to develop a playbook that performs some actions on the system's iptables. I have a server and I want to block ALL IPs except one or more IPs.
I really don't know how to write the iptables rules using the Ansible modules. I need to:
So far, I've created this Playbook:
```yaml
---
- hosts: localhost
  remote_user: sysadmin
  become: true
  vars:
    host_name: localhost
  tasks:
    # Drop all incoming traffic
    # iptables -P INPUT DROP
    - iptables:
        chain: INPUT
        protocol: all
        jump: DROP
      become: yes
    # Drop all forwarded traffic
    # iptables -P FORWARD DROP
    - iptables:
        chain: FORWARD
        source: all
        jump: DROP
      become: yes
    # Allow all outgoing traffic
    # iptables -P OUTPUT ACCEPT
    - iptables:
        chain: OUTPUT
        source: all
        jump: ACCEPT
      become: yes
    # Allow SSH (port 22) from a single source address
    # iptables -A INPUT -p tcp -m tcp -s xx.xx.xx.xx/32 --dport 22 -j ACCEPT
    - iptables:
        action: append
        chain: INPUT
        protocol: tcp
        source: ip_address
        destination_port: 22
        jump: ACCEPT
      become: yes
```
Upvotes: 2
Views: 4812
I solved it by taking different steps:
And the working playbook:
```yaml
---
- hosts: localhost
  remote_user: sysadmin
  become: true
  vars:
    host_name: localhost
  tasks:
    - iptables:
        chain: INPUT
        source: 192.168.1.1
        jump: ACCEPT
      become: yes
    - iptables:
        chain: OUTPUT
        destination: 192.168.1.1
        jump: ACCEPT
      become: yes
    - iptables:
        chain: INPUT
        policy: DROP
      become: yes
    - iptables:
        chain: OUTPUT
        policy: DROP
      become: yes
```
Upvotes: 2
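The accepted playbook above gets the ordering right (ACCEPT rules first, DROP policy last, so the host is never left unreachable mid-run), but as written it also blocks loopback traffic and the replies to connections the server opens itself (DNS, package mirrors, NTP), because OUTPUT is set to DROP and INPUT has no conntrack rule. The following playbook is an added example, not the asker's or the Ansible project's own code: it implements the allow-list the question describes (inbound blocked except from listed addresses, outbound open) with those two gaps closed. The variable name `allowed_admin_ips` and the addresses in it are constructed for the example; the module parameters (`in_interface`, `ctstate`, `policy`, `comment`) are real options of `ansible.builtin.iptables`.

```yaml
---
# Added example (not from the original post): allow-list firewall that keeps
# loopback, stateful replies and admin SSH working before the INPUT policy
# is switched to DROP. Addresses and the variable name are constructed.
- hosts: localhost
  become: true
  vars:
    allowed_admin_ips:        # assumed variable name, constructed values
      - 192.168.1.1
      - 192.168.1.2
  tasks:
    # 1. Loopback must always pass; local services (and Ansible's own
    #    local connection plugin) break without it.
    - name: Allow loopback traffic
      ansible.builtin.iptables:
        chain: INPUT
        in_interface: lo
        jump: ACCEPT

    # 2. Replies to connections the host opened itself (DNS, updates, NTP)
    #    must be accepted, otherwise "OUTPUT ACCEPT" achieves nothing.
    - name: Allow established and related connections
      ansible.builtin.iptables:
        chain: INPUT
        ctstate:
          - ESTABLISHED
          - RELATED
        jump: ACCEPT

    # 3. Management access, restricted to the listed sources and to the SSH
    #    port rather than "everything from that host".
    - name: Allow new SSH connections from allow-listed addresses
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        source: "{{ item }}"
        destination_port: "22"
        ctstate:
          - NEW
        jump: ACCEPT
        comment: "admin ssh allow-list"
      loop: "{{ allowed_admin_ips }}"

    # 4. Only now flip the default policies. Because the ACCEPT rules are
    #    already in the table, an SSH session driving this playbook from an
    #    allow-listed address is not cut off when the policy changes.
    - name: Default-deny inbound and forwarded traffic
      ansible.builtin.iptables:
        chain: "{{ item }}"
        policy: DROP
      loop:
        - INPUT
        - FORWARD

    - name: Allow all outbound traffic
      ansible.builtin.iptables:
        chain: OUTPUT
        policy: ACCEPT
```

Two practical notes. The `iptables` module only changes the live ruleset in the kernel; it does not persist anything, so a reboot returns the host to whatever the distribution's saved rules are, and persisting (for example with `iptables-save` into the file your distribution restores at boot) is a separate step. Before enforcing on a remote host, run the play with `--check --diff` and review `iptables -S INPUT` on the target: the module is idempotent (it tests each rule with `iptables -C` before inserting), so re-running the play does not duplicate rules, but a typo in an allow-listed address still locks you out once the policy is DROP.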