Hi,
Testing this <https://github.com/mikegleasonjr/ansible-role-firewall> out and I'm trying to get the example below working. The rules in all.yml are picked up fine, but the rules in webservers.yml are not.

/etc/ansible/inventory/hosts:

    [webservers]
    example.machine

/etc/ansible/playbooks/fw.ywl:

    - hosts: all
      roles:
        - mikegleasonjr.firewall

/etc/ansible/inventory/group_vars/all.yml:

    firewall_v4_default_rules:
      001 default policies:
        - -P INPUT ACCEPT
        - -P OUTPUT ACCEPT
        - -P FORWARD DROP
      002 allow loopback:
        - -A INPUT -i lo -j ACCEPT
      003 allow ping replies:
        - -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
        - -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
      100 allow established related:
        - -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
      200 allow ssh limiting brute force:
        - -I INPUT -p tcp -d {{ hostvars[inventory_hostname]['ansible_eth1']['ipv4']['address'] }} --dport 22 -m state --state NEW -m recent --set
        - -I INPUT -p tcp -d {{ hostvars[inventory_hostname]['ansible_eth1']['ipv4']['address'] }} --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
      999 drop everything:
        - -P INPUT DROP

/etc/ansible/inventory/group_vars/webservers.yml:

    ---
    firewall_v4_group_rules:
      005 allow http traffic:
        - -A INPUT -p tcp --dport 80 -j ACCEPT
        - -A INPUT -p tcp --dport 443 -j ACCEPT

I'm running Ansible like so:

    #ansible-playbook -i /etc/ansible/inventory/hosts /etc/ansible/playbooks/fw.ywl -vvv

I've gone over the webservers.yml file multiple times and the spacing seems OK and there are no typos that I can see.

    TASK: [mikegleasonjr.firewall | Load v4 rules] ********************************
    skipping: [example.machine]

As a test, I created another playbook file /etc/ansible/inventory/group_vars/mailservers.yml:

    ---
    firewall_v4_group_rules:
      1100 allow mail traffic:
        - -A INPUT -p tcp --dport 25 -j ACCEPT
        - -A INPUT -p tcp --dport 587 -j ACCEPT
        - -A INPUT -p tcp --dport 465 -j ACCEPT
        - -A INPUT -p tcp --dport 110 -j ACCEPT
        - -A INPUT -p tcp --dport 143 -j ACCEPT
        - -A INPUT -p tcp --dport 993 -j ACCEPT
        - -A INPUT -p tcp --dport 995 -j ACCEPT

And this one works? What could be wrong? What's the best way to get a better picture as to why the rules for the webservers group are being skipped?
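The rule merging that the numbered keys imply, as an added example that is not part of the post or of the role's own code: it parses trimmed, constructed copies of the two group_vars files above with a minimal parser for just this YAML subset, combines the firewall_v4_*_rules dicts by rule name, and lists the iptables arguments in key order, on the assumption (not confirmed by the post) that the role applies rules sorted by their names.

```python
"""Merge firewall rule dicts by name and show the order they would be applied in."""

# Constructed, trimmed copies of the group_vars files from the post.
ALL_YML = """\
firewall_v4_default_rules:
  001 default policies:
    - -P INPUT ACCEPT
    - -P FORWARD DROP
  002 allow loopback:
    - -A INPUT -i lo -j ACCEPT
  100 allow established related:
    - -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  999 drop everything:
    - -P INPUT DROP
"""
WEBSERVERS_YML = """\
---
firewall_v4_group_rules:
  005 allow http traffic:
    - -A INPUT -p tcp --dport 80 -j ACCEPT
    - -A INPUT -p tcp --dport 443 -j ACCEPT
"""


def parse_rules_file(text):
    """Parse the 'var: {rule name: [rule, ...]}' subset of YAML used by these files.
    Returns {var_name: {rule_name: [iptables args]}}; any other shape raises."""
    data, var, name = {}, None, None
    for line in text.splitlines():
        body = line.strip()
        if not body or body == "---":
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0 and body.endswith(":"):
            var, name = body[:-1], None
            data[var] = {}
        elif indent == 2 and body.endswith(":") and var is not None:
            name = body[:-1]
            data[var][name] = []
        elif body.startswith("- ") and name is not None:
            data[var][name].append(body[2:])
        else:
            raise ValueError("unsupported line: %r" % line)
    return data


def merged_rules(*files):
    """Combine every firewall_v4_*_rules dict by rule name (a later file wins on
    a duplicate name) and return the iptables arguments in sorted-name order."""
    combined = {}
    for text in files:
        for var, groups in parse_rules_file(text).items():
            if var.startswith("firewall_v4_") and var.endswith("_rules"):
                combined.update(groups)
    return [rule for _, rules in sorted(combined.items()) for rule in rules]
```

Pointing parse_rules_file at the real all.yml and webservers.yml is a quick offline check that the group file parses and that the http rules land after the loopback rule and before the 999 drop.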
