On 14 Dec 2016 06:12, [email protected] wrote:
Hi all
I've come across a quirk when using the 'iptables_raw' module along with the
'with_together' loop.
Logically, I'm inserting three new iptables input rules (for ftp) and giving
them a name.
I would expect that with_together would assign a name to a rule in the
order that they appear in a list,
It will when you use a list and not a dictionary as you are using below.
A dictionary is unordered in Python.
# Ansible task
- name: Create iptables rules for ftp access
  iptables_raw:
    name: 'ftp_{{ item.0 }}'
    rules: "{{ item.1 }}"
  with_together:
    - { connection,
        data,
        passive }
    - { '-A INPUT -p tcp --dport 21 -j ACCEPT',
        '-A INPUT -p tcp --dport 20 -j ACCEPT',
        '-A INPUT -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT' }
# Result on target machine
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:1024:65535 ctstate ESTABLISHED /* ansible[ftp_data] */
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 /* ansible[ftp_connection] */
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 /* ansible[ftp_passive] */
The expected output is:
port 21 - connection
port 20 - data
spts:1024:65535 dpts:1024:65535 - passive
Peculiarly, it doesn't matter what order either list is in, the result is
the same.
You say list but are using {} instead of [], I guess you will get
the correct result when you change to use lists.
--
Kai Stian Olstad
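
Added example, not part of the original thread: the quoted task with both `with_together` arguments written as YAML lists (`[ ]`) instead of flow mappings (`{ }`), so that `item.0` and `item.1` are paired by position. The module parameters, rule names and rule strings are the ones from the quoted task.

```yaml
# Ansible task, list form
- name: Create iptables rules for ftp access
  iptables_raw:
    name: 'ftp_{{ item.0 }}'
    rules: "{{ item.1 }}"
  with_together:
    # First list: rule names, in the order they should be assigned.
    - [ connection,
        data,
        passive ]
    # Second list: the rule paired with the name at the same index.
    - [ '-A INPUT -p tcp --dport 21 -j ACCEPT',
        '-A INPUT -p tcp --dport 20 -j ACCEPT',
        '-A INPUT -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT' ]
```

After a run, the `/* ansible[...] */` comments in `iptables -L INPUT -n --line-numbers` show which name was attached to which rule.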