get rid of deprecated code.

2026-02-01 12:30:58 +01:00
parent 1feef826b7
commit 4e06ed01aa
15 changed files with 162 additions and 98 deletions
--- a/roles/modify-ipt-server/tasks/ipt-server.yml
+++ b/roles/modify-ipt-server/tasks/ipt-server.yml
@@ -172,8 +172,8 @@
  when:
    - main_ipv4_exists.stat.exists
    - drop_mndp_ipv4_present is changed
-  notify:
-    - Restart IPv4 Firewall
+#  notify:
+#    - Restart IPv4 Firewall


 - name: Check if String 'drop_mndp=..' is present
@@ -246,8 +246,69 @@
  when:
    - main_ipv6_exists.stat.exists
    - drop_mndp_ipv6_present is changed
-  notify:
-    - Restart IPv6 Firewall
+#  notify:
+#    - Restart IPv6 Firewall
+
+# ---
+# Fix section  Limit Connections - add limit_new_tcp_connections_per_seconds_ports
+# ---
+
+- name: Check if String 'limit_new_tcp_connections_per_seconds_ports=..' is present
+  shell: grep -q -E "^limit_new_tcp_connections_per_seconds_ports=" /etc/ipt-firewall/main_ipv4.conf
+  register: drop_limit_new_tcp_connections_per_seconds_ports_present
+  when: main_ipv4_exists.stat.exists
+  failed_when: "drop_limit_new_tcp_connections_per_seconds_ports_present.rc > 1"
+  changed_when: "drop_limit_new_tcp_connections_per_seconds_ports_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (limit_new_tcp_connections_per_seconds_ports)
+  blockinfile:
+    path: /etc/ipt-firewall/main_ipv4.conf
+    insertafter: '^#?\s*limit_new_tcp_connections_per_seconds_per_source_IP'
+    block: |
+      # - limit_new_tcp_connections_per_seconds_ports
+      # -
+      # - comma separated list of ports
+      # -
+      # - Example:
+      # -   limit_new_tcp_connections_per_seconds_ports="80,443"
+      # -   limit_new_tcp_connections_per_seconds_ports="80,110,143,443,465,995"
+      #
+      limit_new_tcp_connections_per_seconds_ports=""
+    marker: "# Marker set by modify-ipt-server.yml (limit_new_tcp_connections_per_seconds_ports)"
+  when:
+    - main_ipv4_exists.stat.exists
+    - drop_limit_new_tcp_connections_per_seconds_ports_present is changed
+#  notify:
+#    - Restart IPv4 Firewall
+
+
+- name: Check if String 'limit_new_tcp_connections_per_seconds_ports=..' is present
+  shell: grep -q -E "^limit_new_tcp_connections_per_seconds_ports=" /etc/ipt-firewall/main_ipv6.conf
+  register: drop_limit_new_tcp_connections_per_seconds_ports_present
+  when: main_ipv6_exists.stat.exists
+  failed_when: "drop_limit_new_tcp_connections_per_seconds_ports_present.rc > 1"
+  changed_when: "drop_limit_new_tcp_connections_per_seconds_ports_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (limit_new_tcp_connections_per_seconds_ports)
+  blockinfile:
+    path: /etc/ipt-firewall/main_ipv6.conf
+    insertafter: '^#?\s*limit_new_tcp_connections_per_seconds_per_source_IP'
+    block: |
+      # - limit_new_tcp_connections_per_seconds_ports
+      # -
+      # - comma separated list of ports
+      # -
+      # - Example:
+      # -   limit_new_tcp_connections_per_seconds_ports="80,443"
+      # -   limit_new_tcp_connections_per_seconds_ports="80,110,143,443,465,995"
+      #
+      limit_new_tcp_connections_per_seconds_ports=""
+    marker: "# Marker set by modify-ipt-server.yml (limit_new_tcp_connections_per_seconds_ports)"
+  when:
+    - main_ipv6_exists.stat.exists
+    - drop_limit_new_tcp_connections_per_seconds_ports_present is changed
+#  notify:
+#    - Restart IPv6 Firewall


 # ===
@@ -318,8 +379,8 @@
  when:
    - main_ipv4_exists.stat.exists
    - per_ip_connection_limit_settings_ipv4_present is changed
-  notify:
-    - Restart IPv4 Firewall
+#  notify:
+#    - Restart IPv4 Firewall


 - name: Check if String 'per_IP_connection_limit=..' is present
@@ -337,8 +398,8 @@
  when:
    - main_ipv6_exists.stat.exists
    - per_ip_connection_limit_settings_ipv6_present is changed
-  notify:
-    - Restart IPv6 Firewall
+#  notify:
+#    - Restart IPv6 Firewall



@@ -363,7 +424,7 @@
     - load_modules_ipv6.conf
     - logging_ipv4.conf
     - logging_ipv6.conf
-     - post_decalrations.conf
+     - post_declarations.conf
  register: diff_script_output

 - name: Ensure configuration files are latest
@@ -375,13 +436,13 @@
     - load_modules_ipv6.conf
     - logging_ipv4.conf
     - logging_ipv6.conf
-     - post_decalrations.conf
+     - post_declarations.conf
  when:
    - git_firewall_repository is defined and git_firewall_repository|length > 0
    - diff_script_output.changed
-  notify:
-    - Restart IPv4 Firewall
-    - Restart IPv6 Firewall
+#  notify:
+#    - Restart IPv4 Firewall
+#    - Restart IPv6 Firewall



@@ -412,9 +473,9 @@
  when:
    - git_firewall_repository is defined and git_firewall_repository|length > 0
    - diff_script_output.changed
-  notify:
-    - Restart IPv4 Firewall
-    - Restart IPv6 Firewall
+#  notify:
+#    - Restart IPv4 Firewall
+#    - Restart IPv6 Firewall



@@ -432,3 +493,8 @@
    state: absent
    path: /etc/ipt-firewall/ports.conf

+- name: Delete file '/etc/ipt-firewall/ports.conf' ..
+  file:
+    state: absent
+    path: /etc/ipt-firewall/post_decalrations.conf
+