playbook: do not touch the firewall

810b11fd · Julien Muchembled · 875561ff · 875561ff · 810b11fd
Commit 810b11fd authored Sep 21, 2016 by Julien Muchembled
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 24 deletions

playbook/roles/re6stnet/files/ip6tables playbook/roles/re6stnet/files/ip6tables +0 -16

playbook/roles/re6stnet/tasks/main.yml playbook/roles/re6stnet/tasks/main.yml +2 -8

No files found.
--- a/playbook/roles/re6stnet/files/ip6tables
+++ b/playbook/roles/re6stnet/files/ip6tables
-#!/bin/bash
-
-if [ -f /sbin/ip6tables ]; then
-  if [ 0 -ne `ip6tables -L | grep -E "(DROP|REJECT)" | wc -l` ]; then
-    ip6tables -P FORWARD ACCEPT
-    ip6tables -I OUTPUT 1 -p udp --dport 6696 -j ACCEPT
-    ip6tables -I OUTPUT 2 -p udp --dport 326 -j ACCEPT
-    ip6tables -I INPUT 1 -p udp --dport 6696 -j ACCEPT
-    ip6tables -I INPUT 2 -p udp --dport 326 -j ACCEPT
-    echo "Updated firewall, openned ports 6696 and 326."
-  else
-    echo "OK (firewall is disabled)"
-  fi
-else
-  echo "OK (no ip6tables found)"
-fi
--- a/playbook/roles/re6stnet/tasks/main.yml
+++ b/playbook/roles/re6stnet/tasks/main.yml
@@ -39,14 +39,8 @@
    copy: src=centos_6_init_d dest=/etc/init.d/re6stnet mode=755
    when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6' and recheck_re6stnet_conf.stat.exists == True

-  - name: Add script for check ip6tables well configured
-    copy: src=ip6tables dest=/usr/bin/re6stnet-ip6tables-check mode=755
-
-  - name: Run re6stnet-ip6tables-check
-    shell: /usr/bin/re6stnet-ip6tables-check
-
-  - name: Include re6stnet-ip6tables-check at reboot on cron
-    cron: name="ip6tables at reboot" special_time=reboot job="sleep 20 && /usr/bin/re6stnet-ip6tables-check"
+  - file: path=/usr/bin/re6stnet-ip6tables-check state=absent
+  - cron: name="ip6tables at reboot" state=absent

  - include: tcp_nodelay.yml