
update up tables

master
Markus Bergholz 1 month ago
parent
commit
bc7573050b
1 changed files with 57 additions and 5 deletions
  1. 57
    5
      ansible/local.yml

+ 57
- 5
ansible/local.yml

@@ -4,11 +4,63 @@
gather_facts: False

vars:
python_version: 3.7.3
ip_version:
- ipv4

tasks:
##############################
#
# docker published ports must
# be handled in the DOCKER-USER chain
# which ufw cannot provide
# therefore we use plain iptables
# to block some published ports
#
##############################
- name: drop fluentd port
become: yes
iptables:
action: insert
chain: DOCKER-USER
protocol: tcp
destination_port: 24224
jump: DROP
ip_version: "{{ item }}"
comment: drop fluentd port
with_items: "{{ ip_version }}"

- name: install python {{ python_version }} to ~/.local
include_role:
name: local
tasks_from: python
- name: drop maroadb proxy port
become: yes
iptables:
action: insert
chain: DOCKER-USER
protocol: tcp
destination_port: 3307
jump: DROP
ip_version: "{{ item }}"
comment: drop mariadb proxy port
with_items: "{{ ip_version }}"

- name: drop maroadb proxy port
become: yes
iptables:
action: insert
chain: DOCKER-USER
protocol: tcp
destination_port: 3306
jump: DROP
ip_version: "{{ item }}"
comment: drop mariadb port
with_items: "{{ ip_version }}"

- name: drop docker warm join port
become: yes
iptables:
action: insert
chain: DOCKER-USER
protocol: tcp
destination_port: 2377
jump: DROP
ip_version: "{{ item }}"
comment: drop docker swarm join port
with_items: "{{ ip_version }}"
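Review bot: The last task (`comment: drop docker swarm join port`, `destination_port: 2377`) probably blocks nothing, because DOCKER-USER is only traversed by forwarded traffic, while swarm's 2377 is normally served by the Docker daemon on the host itself and is filtered in INPUT; that rule would need `chain: INPUT`. For the three published-port rules, DOCKER-USER sees packets after DNAT, so `destination_port` matches the container-side port rather than the published host port; this is worth confirming for the 3307 and 3306 tasks. None of the rules sets `in_interface`, so the DROP would also apply to any forwarded container traffic to those ports, not only connections arriving from outside. `ip_version` lists only `ipv4`, so any IPv6 exposure of the same ports is left untouched. Two tasks also share the name `drop maroadb proxy port` (the second one targets 3306), which makes run output ambiguous; the play continues outside the hunk.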
