@@ -0,0 +1,41 @@
+---
+- name: Install iptables
+ ansible.builtin.package:
+ name:
+ - iptables
+ - iptables-persistent
+ state: present
+
+
+- name: Enable masquerading on egress interface
+ ansible.builtin.iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: "{{ router_egress_interface }}"
+ jump: MASQUERADE
+ notify: Save iptables rules
+
+
+- name: Allow incoming established connections from egress interface
+ ansible.builtin.iptables:
+ chain: FORWARD
+ in_interface: "{{ router_egress_interface }}"
+ out_interface: "{{ router_ingress_interface }}"
+ ctstate: RELATED,ESTABLISHED
+ jump: ACCEPT
+ notify: Save iptables rules
+
+
+- name: Forward traffic from ingress to egress interfaces
+ ansible.builtin.iptables:
+ chain: FORWARD
+ in_interface: "{{ router_ingress_interface }}"
+ out_interface: "{{ router_egress_interface }}"
+ jump: ACCEPT
+ notify: Save iptables rules
+
+
+- name: Enable IP forwarding
+ ansible.posix.sysctl:
+ name: net.ipv4.ip_forward
+ value: '1'
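Review bot: The FORWARD chain never gets a default-deny, so the "Allow incoming established connections from egress interface" task (the RELATED,ESTABLISHED ACCEPT rule) restricts nothing: with the chain's policy left at its usual ACCEPT default, new connections arriving on `router_egress_interface` are still forwarded into the ingress network, which is the opposite of what that task's name implies. Adding a task that sets the FORWARD chain policy to DROP makes the two ACCEPT rules the only permitted paths; a chain policy applies after all rules, so it can go anywhere in the file, and the existing rules need no reordering. The `Save iptables rules` handler is referenced four times but is not part of this diff, so I assume it is defined in the role's handlers file. The sysctl task on the last line is the end of the hunk.

```yaml
# … unchanged: package install and MASQUERADE tasks …
- name: Default-deny forwarded traffic
  ansible.builtin.iptables:
    chain: FORWARD
    policy: DROP
  notify: Save iptables rules
# … unchanged: RELATED,ESTABLISHED and ingress-to-egress ACCEPT tasks, sysctl …
```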