[IPTABLES] Add rules (Not tested)

2023-05-20 23:54:16 +02:00 · 2023-05-20 23:54:16 +02:00 · fcd5694fa8
commit fcd5694fa8
parent 5fa2b5bd2b
14 changed files with 415 additions and 0 deletions
--- a/roles/iptables/tasks/accept_dns.yml
+++ b/roles/iptables/tasks/accept_dns.yml
@ -0,0 +1,57 @@
+---
+
+- name: Accept OUTPUT udp dport 53
+  ansible.builtin.iptables:
+    chain: OUTPUT
+    protocol: udp
+    ctstate:
+      - NEW
+      - RELATED
+      - ESTABLISHED
+    destination_port: 53
+    jump: ACCEPT
+    comment: Accept OUTPUT udp dport 53
+    state: present
+  become: yes
+
+- name: Accept INPUT udp sport 53
+  ansible.builtin.iptables:
+    chain: OUTPUT
+    protocol: udp
+    ctstate:
+      - NEW
+      - RELATED
+      - ESTABLISHED
+    source_port: 53
+    jump: ACCEPT
+    comment: Accept OUTPUT udp sport 53
+    state: present
+  become: yes
+
+- name: Accept OUTPUT tcp dport 53
+  ansible.builtin.iptables:
+    chain: OUTPUT
+    protocol: tcp
+    ctstate:
+      - NEW
+      - RELATED
+      - ESTABLISHED
+    destination_port: 53
+    jump: ACCEPT
+    comment: Accept OUTPUT tcp dport 53
+    state: present
+  become: yes
+
+- name: Accept INPUT tcp sport 53
+  ansible.builtin.iptables:
+    chain: OUTPUT
+    protocol: tcp
+    ctstate:
+      - NEW
+      - RELATED
+      - ESTABLISHED
+    source_port: 53
+    jump: ACCEPT
+    comment: Accept OUTPUT tcp sport 53
+    state: present
+  become: yes