ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

install-update-firewall.yml: don't start firewall if initial install.

Browse Source
This commit is contained in:
Christoph 2019-07-17 17:39:09 +02:00
parent 4bc1270d33
commit 462e65766b
1 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
scripts/install-update-firewall.yml
View File

@ -620,8 +620,6 @@
command: cp {{ git_firewall_repository.dest }}/conf/interfaces_ipv4.conf.sample /etc/ipt-firewall/interfaces_ipv4.conf command: cp {{ git_firewall_repository.dest }}/conf/interfaces_ipv4.conf.sample /etc/ipt-firewall/interfaces_ipv4.conf
when: not interfaces_ipv4_exists.stat.exists when: not interfaces_ipv4_exists.stat.exists
register: new_interfaces_ipv4 register: new_interfaces_ipv4
notify:
- Restart IPv4 Firewall
- name: Configure interfaces_ipv4.conf 1/2 - name: Configure interfaces_ipv4.conf 1/2
@ -656,8 +654,6 @@
command: cp {{ git_firewall_repository.dest }}/conf/interfaces_ipv6.conf.sample /etc/ipt-firewall/interfaces_ipv6.conf command: cp {{ git_firewall_repository.dest }}/conf/interfaces_ipv6.conf.sample /etc/ipt-firewall/interfaces_ipv6.conf
when: not interfaces_ipv6_exists.stat.exists when: not interfaces_ipv6_exists.stat.exists
register: new_interfaces_ipv6 register: new_interfaces_ipv6
notify:
- Restart IPv6 Firewall
- name: Configure interfaces_ipv6.conf 1/2 - name: Configure interfaces_ipv6.conf 1/2
lineinfile: lineinfile:
@ -704,15 +700,11 @@
command: cp {{ git_firewall_repository.dest }}/conf/main_ipv4.conf.sample /etc/ipt-firewall/main_ipv4.conf command: cp {{ git_firewall_repository.dest }}/conf/main_ipv4.conf.sample /etc/ipt-firewall/main_ipv4.conf
when: not main_ipv4_exists.stat.exists when: not main_ipv4_exists.stat.exists
register: cp_main_ipv4 register: cp_main_ipv4
notify:
- Restart IPv4 Firewall
- name: Place new configuration file '/etc/ipt-firewall/main_ipv6.conf' - name: Place new configuration file '/etc/ipt-firewall/main_ipv6.conf'
command: cp {{ git_firewall_repository.dest }}/conf/main_ipv6.conf.sample /etc/ipt-firewall/main_ipv6.conf command: cp {{ git_firewall_repository.dest }}/conf/main_ipv6.conf.sample /etc/ipt-firewall/main_ipv6.conf
when: not main_ipv6_exists.stat.exists when: not main_ipv6_exists.stat.exists
register: cp_main_ipv6 register: cp_main_ipv6
notify:
- Restart IPv6 Firewall
# Configure main_ipv4.conf # Configure main_ipv4.conf
# #
@ -979,15 +971,21 @@
- ipt - ipt
- ip6t - ip6t
- name: Start firewall services - name: Enable firewall services IPv4
systemd: systemd:
name: "{{ item }}-firewall" name: ipt-firewall
state: restarted state: stopped
enabled: yes
daemon_reload: yes
when: systemd_service_files_installed is changed
register: firewall_service_started
- name: Enable firewall services IPv6
systemd:
name: ip6t-firewall
state: stopped
enabled: yes enabled: yes
daemon_reload: yes daemon_reload: yes
with_items:
- ipt
- ip6t
when: systemd_service_files_installed is changed when: systemd_service_files_installed is changed
register: firewall_service_started register: firewall_service_started
@ -1020,8 +1018,14 @@
service: service:
name: ipt-firewall name: ipt-firewall
state: restarted state: restarted
when:
- interfaces_ipv4_exists.stat.exists
- main_ipv4_exists.stat.exists
- name: Restart IPv6 Firewall - name: Restart IPv6 Firewall
service: service:
name: ip6t-firewall name: ip6t-firewall
state: restarted state: restarted
when:
- interfaces_ipv6_exists.stat.exists
- main_ipv6_exists.stat.exists