Created August 25, 2018 14:35
Gist: codarrenvelvindron/9e16b3eb5c4e069271d290aab8f38911
# Fragment of an Ansible play (the surrounding `hosts:`/`become:` keys are not
# part of the gist). The iptables module only touches the IPv4 tables unless
# `ip_version: ipv6` is set, so on a dual-stack host every port stays open over
# IPv6 until an equivalent ip6tables ruleset is added.
tasks:
  # The original installed `netfilter-persistent` alone; that package is only
  # the framework. The save/restore plugins for iptables and ip6tables ship in
  # `iptables-persistent`, which depends on netfilter-persistent.
  - name: Install iptables Persistent
    apt:
      name: iptables-persistent
      state: present
      update_cache: true

  - name: Set Loop Back Rule
    iptables:
      chain: INPUT
      in_interface: lo
      jump: ACCEPT
      comment: 'Accept all loop back traffic'

  - name: Set Established Connection Rule
    iptables:
      chain: INPUT
      ctstate: 'ESTABLISHED,RELATED'
      jump: ACCEPT
      comment: 'Let all established connection stay'

  - name: Set SSH Port 40022 SSH Rule
    iptables:
      chain: INPUT
      jump: ACCEPT
      protocol: tcp
      destination_port: 40022
      comment: 'Accept all SSH traffic'

  - name: Set HTTP Port 80 HTTP Rule
    iptables:
      chain: INPUT
      jump: ACCEPT
      protocol: tcp
      destination_port: 80
      comment: 'Accept all HTTP traffic'

  - name: Set HTTPS Port 443 TLS Rule
    iptables:
      chain: INPUT
      jump: ACCEPT
      protocol: tcp
      destination_port: 443
      comment: 'Accept all SSL traffic'

  # As written this accepts MySQL connections from any source address. Unless
  # remote clients really are unrestricted, add `source: <app-subnet>` here.
  - name: Set Port 3306 SQL Rule
    iptables:
      chain: INPUT
      jump: ACCEPT
      protocol: tcp
      destination_port: 3306
      comment: 'Accept all MySQL traffic'

  # Default action is append, so any ACCEPT rule added to this play later will
  # land after this DROP and never match. Setting `policy: DROP` on INPUT
  # instead of a trailing catch-all rule avoids that ordering trap.
  - name: Drop Any Traffic Without Rule
    iptables:
      chain: INPUT
      jump: DROP
      comment: 'Drop traffic for rules that did not match'

  # Without this the rules live only in the kernel and vanish on reboot.
  - name: Save rules so netfilter-persistent restores them at boot
    command: netfilter-persistent save
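The playbook orders its rules by hand and relies on a trailing DROP, so it is worth checking the resulting chain on the host rather than trusting the play. The following audit is an added example, not part of the gist: it parses `iptables-save` style output and checks the properties the play is meant to establish (loopback first, conntrack ACCEPT ahead of the port rules, a catch-all DROP with nothing dead after it) and flags any sensitive port such as 3306 that is ACCEPTed without a `-s` source restriction. `SAMPLE_DUMP` is constructed by hand to mirror what the play above should produce; `SENSITIVE_PORTS` and the `(severity, message)` finding format are this example's own choices. Run it on a real host with `iptables-save | python3 audit.py` by replacing the sample with `sys.stdin.read()`.

```python
"""Audit an iptables INPUT chain dump (iptables-save format) for the properties
the playbook is supposed to establish. SAMPLE_DUMP is constructed by hand to
mirror what iptables-save should print after the playbook runs; it is not
captured from a real host."""
import re

SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -m comment --comment "Accept all loop back traffic" -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Let all established connection stay" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 40022 -m comment --comment "Accept all SSH traffic" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m comment --comment "Accept all HTTP traffic" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m comment --comment "Accept all SSL traffic" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -m comment --comment "Accept all MySQL traffic" -j ACCEPT
-A INPUT -m comment --comment "Drop traffic for rules that did not match" -j DROP
COMMIT
"""

# Constructed variant: the same chain with the MySQL rule limited to one subnet.
HARDENED_DUMP = SAMPLE_DUMP.replace(
    "-A INPUT -p tcp -m tcp --dport 3306",
    "-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 3306")

# Ports that should never be reachable from arbitrary sources (example choice).
SENSITIVE_PORTS = {3306: "MySQL"}


def parse_input_chain(dump):
    """Return (INPUT policy, list of parsed `-A INPUT` rules in chain order)."""
    policy, rules = None, []
    for line in dump.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        if not line.startswith("-A INPUT "):
            continue

        def opt(flag, line=line):
            # Value following a flag; the leading whitespace requirement keeps
            # `-s` from matching inside `--ctstate` or similar long options.
            m = re.search(r"(?:^|\s)" + re.escape(flag) + r" (\S+)", line)
            return m.group(1) if m else None

        dport = opt("--dport")
        rules.append({
            "raw": line,
            "iface": opt("-i"),
            "src": opt("-s"),
            "proto": opt("-p"),
            "dport": int(dport) if dport else None,
            "ctstate": opt("--ctstate"),
            "target": opt("-j"),
        })
    return policy, rules


def is_catch_all(rule):
    """True when the rule has no match criteria at all (only a target)."""
    return all(rule[k] is None for k in ("iface", "src", "proto", "dport", "ctstate"))


def audit_input_chain(dump):
    """Return a list of (severity, message) findings; empty means clean."""
    policy, rules = parse_input_chain(dump)
    findings = []

    if not rules or rules[0]["iface"] != "lo" or rules[0]["target"] != "ACCEPT":
        findings.append(("FAIL", "first INPUT rule is not the loopback ACCEPT"))

    ct = next((i for i, r in enumerate(rules)
               if r["ctstate"] and r["target"] == "ACCEPT"), None)
    first_port = next((i for i, r in enumerate(rules) if r["dport"] is not None), None)
    if ct is None or (first_port is not None and ct > first_port):
        findings.append(("FAIL", "no conntrack ESTABLISHED,RELATED ACCEPT ahead of the port rules"))

    drop = next((i for i, r in enumerate(rules)
                 if is_catch_all(r) and r["target"] in ("DROP", "REJECT")), None)
    if drop is None:
        findings.append(("FAIL", "no catch-all DROP/REJECT at the end of INPUT"))
    else:
        # Anything appended after the catch-all can never be reached.
        for r in rules[drop + 1:]:
            findings.append(("WARN", "rule after the catch-all DROP never matches: " + r["raw"]))
        if policy == "ACCEPT":
            findings.append(("INFO", "INPUT policy is ACCEPT: the host is closed only while "
                                     "the trailing DROP rule exists; set the policy to DROP as the fail-safe"))

    for r in rules:
        if r["target"] == "ACCEPT" and r["dport"] in SENSITIVE_PORTS and r["src"] is None:
            findings.append(("WARN", f"{SENSITIVE_PORTS[r['dport']]} port {r['dport']} is "
                                     "ACCEPTed from any source; add a -s source restriction"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_input_chain(SAMPLE_DUMP):
        print(f"{severity}: {message}")
```

The parser deliberately only understands the handful of options this ruleset uses; a chain built with other match modules would need the option table extended, and the audit will mis-report a rule whose `--comment` text itself contains a bare ` -s ` or ` -j `.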