The template iptables.sh.j2 is mostly derived from the Arch wiki page on creating a stateful firewall, though I modified it a bit to reduce complexity. Their guide uses four custom chains, but I think it's easier to reason about these rules by combining the first two of their custom chains and simply eliminating the last two (leaving us with one).

Variables for the template (vars.yaml) are tracked as the Ansible vars file for the associated role. The variable router_root_dir is defined by the inventory group_vars and has a value of /opt/router.

The file iptables.sh is generated by rendering the template iptables.sh.j2 with Jinja2, using the variables defined in vars.yaml.

The file rules.v4 is generated by running iptables-converter -s iptables.sh.
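The following is an added example of what a single-custom-chain stateful ruleset in that style looks like as a plain shell script; it is not the page's iptables.sh.j2 template or its rendered output, and the chain name FILTER_IN, the IPT override variable and the OPEN_TCP port list are assumptions chosen for illustration. The INPUT chain does the connection-tracking checks (accept RELATED/ESTABLISHED, drop INVALID, drop non-SYN packets that conntrack still classes as NEW) and then hands genuinely new connections to the one custom chain, which is the only place that decides which services are reachable. Setting IPT=echo prints the commands instead of applying them, which is a convenient way to review the generated rules without root before feeding the script to iptables-converter.

```shell
#!/bin/sh
# Added example, not the page's template: a minimal stateful IPv4 filter
# built around one custom chain. FILTER_IN, IPT and OPEN_TCP are assumed
# names for this illustration.

IPT="${IPT:-iptables}"      # set IPT=echo to dry-run without root
OPEN_TCP="${OPEN_TCP:-22}"  # placeholder: space-separated TCP ports to accept

# apply_rules: flush the filter table and install a default-deny ruleset
# whose only per-service decisions live in the FILTER_IN chain.
apply_rules() {
    # Start from a clean filter table with default-deny inbound/forward.
    "$IPT" -F
    "$IPT" -X
    "$IPT" -P INPUT DROP
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT

    # The single custom chain: which NEW inbound connections are allowed.
    "$IPT" -N FILTER_IN
    for p in $OPEN_TCP; do
        "$IPT" -A FILTER_IN -p tcp --dport "$p" -j ACCEPT
    done
    "$IPT" -A FILTER_IN -p icmp --icmp-type echo-request -j ACCEPT
    # Anything not explicitly accepted is rejected: TCP RST for TCP,
    # ICMP port-unreachable for everything else (mimics a closed port).
    "$IPT" -A FILTER_IN -p tcp -j REJECT --reject-with tcp-reset
    "$IPT" -A FILTER_IN -j REJECT --reject-with icmp-port-unreachable

    # INPUT: stateful checks first, then delegate new connections.
    "$IPT" -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate INVALID -j DROP
    # A TCP packet without SYN that conntrack still sees as NEW is bogus.
    "$IPT" -A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
    "$IPT" -A INPUT -m conntrack --ctstate NEW -j FILTER_IN
}

# Run as root to apply, or as `IPT=echo sh iptables.sh` to preview.
if [ "${1:-}" = "--apply" ]; then
    apply_rules
fi
```

Because every rule goes through "$IPT", the same function serves as a preview (IPT=echo) and as the real install, so the ruleset reviewed is exactly the ruleset applied.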