playbook: Include a script for open firewall.

0ecb14bf · Rafael Monnerat · 45b088b6 · 0ecb14bf · 0ecb14bf
Commit 0ecb14bf authored Apr 04, 2016 by Rafael Monnerat 👻
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 0 deletions

playbook/roles/re6stnet/files/ip6tables playbook/roles/re6stnet/files/ip6tables +16 -0

playbook/roles/re6stnet/tasks/main.yml playbook/roles/re6stnet/tasks/main.yml +7 -0

No files found.
--- a/playbook/roles/re6stnet/files/ip6tables
+++ b/playbook/roles/re6stnet/files/ip6tables
+#!/bin/bash
+
+if [ -f /sbin/ip6tables ]; then
+  if [ 0 -ne `ip6tables -L | grep -E "(DROP|REJECT)" | wc -l` ]; then
+    ip6tables -P FORWARD ACCEPT
+    ip6tables -I OUTPUT 1 -p udp --dport 6696 -j ACCEPT
+    ip6tables -I OUTPUT 2 -p udp --dport 326 -j ACCEPT
+    ip6tables -I INPUT 1 -p udp --dport 6696 -j ACCEPT
+    ip6tables -I INPUT 2 -p udp --dport 326 -j ACCEPT
+    echo "Updated firewall, openned ports 6696 and 326."
+  else
+    echo "OK (firewall is disabled)"
+  fi
+else
+  echo "OK (no ip6tables found)"
+fi
--- a/playbook/roles/re6stnet/tasks/main.yml
+++ b/playbook/roles/re6stnet/tasks/main.yml
@@ -37,6 +37,13 @@
    copy: src=centos_6_init_d dest=/etc/init.d/re6stnet mode=755
    when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6' and recheck_re6stnet_conf.stat.exists == True

+  - name: Create centos 6 init.d missing file
+    copy: src=ip6tables dest=/usr/bin/re6stnet-ip6tables-check mode=755
+
+  - shell: /usr/bin/re6stnet-ip6tables-check
+
+  - cron: name="ip6tables at reboot" special_time=reboot job="sleep 20 && /usr/bin/re6stnet-ip6tables-check"
+
  - name: Start re6st-node service
    service: name=re6stnet state=started enabled=yes
    when: recheck_re6stnet_conf.stat.exists == True