
local.yml 1.5KB

  1. ---
  2. - hosts: localhost
  3. connection: local
  4. gather_facts: False
  5. vars:
  6. ip_version:
  7. - ipv4
  8. tasks:
  9. ##############################
  10. #
  11. # docker published ports must
  12. # be handled in the DOCKER-USER chain
  13. # which ufw cannot provide
  14. # therefore we use plain iptables
  15. # to block some published ports
  16. #
  17. ##############################
  18. - name: drop fluentd port
  19. become: yes
  20. iptables:
  21. action: insert
  22. chain: DOCKER-USER
  23. protocol: tcp
  24. destination_port: 24224
  25. jump: DROP
  26. ip_version: "{{ item }}"
  27. comment: drop fluentd port
  28. with_items: "{{ ip_version }}"
  29. - name: drop maroadb proxy port
  30. become: yes
  31. iptables:
  32. action: insert
  33. chain: DOCKER-USER
  34. protocol: tcp
  35. destination_port: 3307
  36. jump: DROP
  37. ip_version: "{{ item }}"
  38. comment: drop mariadb proxy port
  39. with_items: "{{ ip_version }}"
  40. - name: drop maroadb proxy port
  41. become: yes
  42. iptables:
  43. action: insert
  44. chain: DOCKER-USER
  45. protocol: tcp
  46. destination_port: 3306
  47. jump: DROP
  48. ip_version: "{{ item }}"
  49. comment: drop mariadb port
  50. with_items: "{{ ip_version }}"
  51. - name: drop docker warm join port
  52. become: yes
  53. iptables:
  54. action: insert
  55. chain: DOCKER-USER
  56. protocol: tcp
  57. destination_port: 2377
  58. jump: DROP
  59. ip_version: "{{ item }}"
  60. comment: drop docker swarm join port
  61. with_items: "{{ ip_version }}"