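---
# Restrict forwarded traffic to the Docker-published ports on the zoonavigator hosts.
# Only the sources in wl_hosts may open TCP connections to the ports in wl_ports;
# every other new connection to those ports is dropped in the DOCKER-USER chain,
# which Docker evaluates before its own FORWARD rules.
- name: maintain the DOCKER-USER access list
  hosts: zoonavigators
  vars:
    # Source addresses allowed to reach the guarded ports (quoted: IPs stay strings)
    wl_hosts:
      - "172.31.0.1"
      - "172.31.0.2"
    # Destination TCP ports guarded by the access list (quoted so "7070" is not an int)
    wl_ports:
      - "7070"
      - "7071"
  tasks:
    - name: check for iptables-services
      yum:
        name: iptables-services
        # present, not latest: a presence check must not upgrade the package on every run
        state: present

    - name: enable iptables-services
      service:
        name: iptables
        enabled: true
        state: started

    # The chain is rebuilt from scratch on each run so stale entries never linger
    - name: flush DOCKER-USER
      iptables:
        chain: DOCKER-USER
        flush: true

    # One ACCEPT rule per (host, port) pair; matches only the initial SYN of a
    # new connection from a whitelisted source
    - name: whitelist for DOCKER-USER
      iptables:
        chain: DOCKER-USER
        protocol: tcp
        ctstate: NEW
        syn: match
        source: "{{ item[0] }}"
        destination_port: "{{ item[1] }}"
        jump: ACCEPT
      with_nested:
        - "{{ wl_hosts }}"
        - "{{ wl_ports }}"

    # Catch-all appended after the ACCEPT rules. Limited to NEW connections so the
    # non-SYN packets of an already accepted connection fall through to Docker's
    # rules instead of being dropped here. The loop runs over wl_ports because the
    # item becomes --dport; iterating wl_hosts would pass an IP address as a port.
    - name: drop non whitelisted connections to DOCKER-USER
      iptables:
        chain: DOCKER-USER
        protocol: tcp
        ctstate: NEW
        destination_port: "{{ item }}"
        jump: DROP
      with_items:
        - "{{ wl_ports }}"

    # Persist the rebuilt ruleset so it survives a reboot / service restart
    - name: save new iptables
      command: /usr/libexec/iptables/iptables.init save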