123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 |
- ---
- - name: Install iptables
- ansible.builtin.package:
- name:
- - iptables
- - iptables-persistent
- state: present
- - name: Enable masquerading on egress interface
- ansible.builtin.iptables:
- table: nat
- chain: POSTROUTING
- out_interface: "{{ router_egress_interface }}"
- jump: MASQUERADE
- notify: Save iptables rules
- - name: Allow incoming established connections from egress interface
- ansible.builtin.iptables:
- chain: FORWARD
- in_interface: "{{ router_egress_interface }}"
- out_interface: "{{ router_ingress_interface }}"
- ctstate: RELATED,ESTABLISHED
- jump: ACCEPT
- notify: Save iptables rules
- - name: Forward traffic from ingress to egress interfaces
- ansible.builtin.iptables:
- chain: FORWARD
- in_interface: "{{ router_ingress_interface }}"
- out_interface: "{{ router_egress_interface }}"
- jump: ACCEPT
- notify: Save iptables rules
- - name: Drop traffic not going over egress interface
- ansible.builtin.iptables:
- chain: FORWARD
- jump: DROP
- notify: Save iptables rules
- - name: Enable IP forwarding
- ansible.posix.sysctl:
- name: net.ipv4.ip_forward
- value: '1'
|