Hi David & list,
On 12/12/2014 20:13, David Reagan wrote:
> @Michael I assume you are templating the /etc/sysconfig/iptables in
> CentOS, and /etc/iptables/rules.v4 in Ubuntu files? I just figured out
> that you can install the iptables-persistent package in Ubuntu, I hadn't
> been sure what files you were referring to before that...
You can also simply do this in /etc/network/interfaces:
...
iface eth0 inet static
    pre-up iptables-restore < /etc/network/iptables
...
without resorting to iptables-persistent.
> So, a reload on CentOS would be ```service iptables restart```. What
> about Ubuntu? ```cat /etc/iptables/rules.v4 | iptables-restore``` ?
For this, I have a flush script that I push with ansible, which
basically does:
  # open the default policies first, so a DROP policy cannot cut the
  # session off in the instant between flushing and resetting it
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT
  # flush all rules (-F), then delete user-defined chains (-X), per table
  iptables -F
  iptables -X
  iptables -t nat -F
  iptables -t nat -X
  iptables -t mangle -F
  iptables -t mangle -X
> @Brian, I took a look at fwbuilder. Looks almost as complicated as
> iptables itself. At least for my limited needs. Maybe if I was doing
> something more complicated... Thanks for the tip.
I'll probably try "ferm" RSN. Since it supports a '.d' style configuration
layout (@include 'ferm.d/'), it should be really easy to integrate the
necessary rules in each ansible role, without resorting to the assemble
module (or worse, trying to write an omnipotent iptables rules file, been
there...).
http://ferm.foo-projects.org/
M
--
Michel Blanc
{ :github => "@leucos", :twitter => "@b9m", :gpg => "0X24B35C22" }
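Added example, not from Michel's mail or from the ferm project: the same
per-role '.d' layout Michel wants from ferm, done in plain iptables-save
syntax so the result can be fed to the pre-up iptables-restore line above.
The directory /etc/iptables/rules.d, the *.rules fragment names and the
output path /etc/network/iptables are assumptions. The point it makes that
plain concatenation (or the assemble module) does not: iptables-restore
flushes a table each time it meets a "*table" header unless --noflush is
given, so two role fragments that each carry their own *filter/COMMIT block
would wipe each other out. The script therefore groups all lines of a table
into one block, and refuses a fragment with a rule outside any table.

```shell
#!/bin/sh
# Added example (not the list's or ferm's code). Merge per-role iptables
# fragments from a ".d" directory into one iptables-restore file.
# Each fragment is a partial iptables-save file, e.g. 20-ssh.rules:
#   *filter
#   -A INPUT -p tcp --dport 22 -j ACCEPT
#   COMMIT
# Paths below are assumptions about the host layout.
RULES_D="${RULES_D:-/etc/iptables/rules.d}"
RULES_OUT="${RULES_OUT:-/etc/network/iptables}"   # read by "pre-up iptables-restore <"

# assemble_rules DIR: print a merged ruleset built from DIR/*.rules, fragments
# taken in lexical order (10-base.rules before 20-ssh.rules). Exit 1 if a line
# sits outside a *table ... COMMIT block.
assemble_rules() {
    cat "$1"/*.rules | awk '
        /^[ \t]*#/ { next }                          # drop comments
        /^[ \t]*$/ { next }                          # drop blank lines
        /^\*/ {                                      # "*filter": start of a table block
            table = substr($0, 2)
            if (!(table in seen)) { seen[table] = 1; order[++ntab] = table }
            next
        }
        /^COMMIT$/ { table = ""; next }              # end of this fragment block
        table == "" {                                # rule with no enclosing table
            print "line outside a *table block: " $0 > "/dev/stderr"
            bad = 1; exit 1
        }
        /^:/ {                                       # ":INPUT DROP [0:0]": chain + policy
            split($0, f, " "); key = table SUBSEP f[1]
            if (!(key in pol)) chains[table] = chains[table] f[1] "\n"
            pol[key] = $0                            # last fragment to set a policy wins
            next
        }
        { rules[table] = rules[table] $0 "\n" }      # "-A ..." lines, kept in file order
        END {
            if (bad) exit 1
            for (i = 1; i <= ntab; i++) {            # one block per table, tables in
                t = order[i]                         # order of first appearance
                printf "*%s\n", t
                n = split(chains[t], c, "\n")
                for (j = 1; j <= n; j++) if (c[j] != "") print pol[t SUBSEP c[j]]
                printf "%s", rules[t]
                print "COMMIT"
            }
        }'
}

# apply_rules FILE: parse the ruleset without committing it first (the -t/--test
# option of iptables-restore in recent versions), so a typo in one role's
# fragment leaves the live rules untouched instead of loading half a ruleset.
apply_rules() {
    iptables-restore --test < "$1" || { echo "ruleset rejected, not applied" >&2; return 1; }
    iptables-restore < "$1"
}

# Usage: sh assemble-rules.sh [RULES_DIR [OUT_FILE]]
# With no arguments only the functions are defined, so the file can be sourced.
if [ $# -gt 0 ]; then
    if [ -n "${2:-}" ]; then
        assemble_rules "$1" > "$2" || exit 1
    else
        assemble_rules "$1" || exit 1
    fi
fi
```

Each ansible role drops its own NN-role.rules file into the directory; a
handler then runs assemble_rules into /etc/network/iptables and apply_rules
on the result. Because policies are merged by chain name with the last
fragment winning, put the ":INPUT DROP [0:0]" defaults in the lowest-numbered
fragment and let roles only add "-A" lines.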
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/548B666A.3090502%40mbnet.fr.