Comment on Ansible iptables best practices?
non_burglar@lemmy.world 3 weeks ago
Generally, you set up a rule + command playbook, where the command invokes the iptables-save command.
DasFaultier@sh.itjust.works 3 weeks ago
Yeah, ansible.builtin.iptables makes the changes and the task then notifies a handler to invoke iptables-save.
non_burglar@lemmy.world 2 weeks ago
There’s a bunch of posts about the iptables-save function of the built-in iptables module not working in many cases, so I figured it was a safer bet to suggest the playbook include an actual command invocation.
In my personal experience, the module doesn't actually save the persistent rule in about half the cases. I haven’t looked into it much, but it seems to happen more on systems where systemd iptables-firewall is present. (Not trying to start a flame war)
DasFaultier@sh.itjust.works 2 weeks ago
Sorry for being unclear, that’s what I meant. Set rules using the Ansible module, make them persistent by notifying a handler that makes a cmd call.
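
The rule + handler pattern discussed in this thread, written out as an added example (not code posted by anyone in the thread). The inventory group name, the rule set, and the rules file path are assumptions: /etc/iptables/rules.v4 is the location used by Debian's iptables-persistent package, and its directory must already exist.

```yaml
---
# Added example: rule tasks notify a handler that persists the ruleset.
- name: Manage iptables rules and persist them
  hosts: firewalled_hosts        # hypothetical inventory group
  become: true
  vars:
    # Assumption: Debian/Ubuntu iptables-persistent path; adjust per distro.
    iptables_rules_file: /etc/iptables/rules.v4

  tasks:
    - name: Allow established and related connections
      ansible.builtin.iptables:
        chain: INPUT
        ctstate: [ESTABLISHED, RELATED]
        jump: ACCEPT
        comment: ansible allow established
      notify: Save iptables rules

    - name: Allow inbound SSH
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "22"
        ctstate: [NEW]
        jump: ACCEPT
        comment: ansible allow ssh
      notify: Save iptables rules

    # Ordered last so the allow rules exist before the policy tightens.
    - name: Set default INPUT policy to DROP
      ansible.builtin.iptables:
        chain: INPUT
        policy: DROP
      notify: Save iptables rules

  handlers:
    # Runs once at the end of the play, only if a task above reported "changed".
    - name: Save iptables rules
      ansible.builtin.command:
        argv:
          - iptables-save
          - -f
          - "{{ iptables_rules_file }}"
      changed_when: true
```

Because the handler fires only on a change, a host whose live rules already match but whose rules file is missing or stale will not be re-saved; comparing the file against iptables-save output after a reboot test catches that drift.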