---
# Router tasks: install iptables, NAT traffic leaving the egress interface,
# restrict the FORWARD chain to the ingress <-> egress pair, then turn on
# IPv4 forwarding and turn off IPv6.
#
# `router_egress_interface` and `router_ingress_interface` are not defined in
# this listing and must be supplied by the caller. The `Save iptables rules`
# handler is notified here but is also not shown.
# NOTE(review): presumably that handler persists the rules for
# iptables-persistent; confirm it exists, otherwise the rules are lost on
# reboot.

- name: Install iptables
  ansible.builtin.package:
    name:
      - iptables
      - iptables-persistent
    state: present

# Source-NAT everything that leaves through the egress interface.
- name: Enable masquerading on egress interface
  ansible.builtin.iptables:
    table: nat
    chain: POSTROUTING
    out_interface: "{{ router_egress_interface }}"
    jump: MASQUERADE
  notify: Save iptables rules

# Return path: only packets belonging to (or related to) a connection that
# is already tracked are let back in from the egress side.
- name: Allow incoming established connections from egress interface
  ansible.builtin.iptables:
    chain: FORWARD
    in_interface: "{{ router_egress_interface }}"
    out_interface: "{{ router_ingress_interface }}"
    ctstate: RELATED,ESTABLISHED
    jump: ACCEPT
  notify: Save iptables rules

# Outbound path: anything arriving on the ingress interface may be forwarded
# to the egress interface; no source, destination or port filter is applied.
- name: Forward traffic from ingress to egress interfaces
  ansible.builtin.iptables:
    chain: FORWARD
    in_interface: "{{ router_ingress_interface }}"
    out_interface: "{{ router_egress_interface }}"
    jump: ACCEPT
  notify: Save iptables rules

# Catch-all: this rule has no interface match, so it only works as a
# "default deny" because it comes after the two ACCEPT rules above. Any
# FORWARD rule appended after this one will never be reached.
# NOTE(review): assumes the FORWARD chain holds no other rules before this
# play runs; verify on hosts that already have firewall state.
- name: Drop traffic not going over egress interface
  ansible.builtin.iptables:
    chain: FORWARD
    jump: DROP
  notify: Save iptables rules

# Forwarding is switched on only after the FORWARD rules are in place, so
# the host does not route packets unfiltered while the play is running.
- name: Enable IP forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'

# The iptables tasks above set no `ip_version`, so they manage IPv4 rules
# only; no IPv6 filter rules are created in this listing.
# NOTE(review): disabling IPv6 presumably avoids leaving an unfiltered IPv6
# path through the router; confirm that is the intent.
- name: Disable IPv6
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.disable_ipv6
    value: '1'