debug
khaledk2 committed Dec 17, 2024
1 parent b7d59f4 commit 031f818
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions ansible/idr-firewall.yml
@@ -70,8 +70,8 @@
- 'rule family="ipv4" state established accept'
- 'rule family="ipv4" state related accept'
# For OUTPUT (Outgoing Traffic)
- 'rule family="ipv4" direction="out" state established accept'
- 'rule family="ipv4" direction="out" state related accept'
#- 'rule family="ipv4" direction="out" state established accept'
#- 'rule family="ipv4" direction="out" state related accept'
# firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -s 192.0.0.0/8 --dport 80 -j ACCEPT
# firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -s 192.0.0.0/8 -j ACCEPT

@@ -89,6 +89,12 @@
# allow TCP traffic on idr_external_tcp_ports
- 'rule family="ipv4" protocol value="tcp" destination port={{ idr_external_tcp_ports | join("," ) }} accept'

- name: Run command
become: true
ansible.builtin.command :
- firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -s 192.0.0.0/8 --dport 80 -j ACCEPT
- firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -s 192.0.0.0/8 -j ACCEPT
-
# Use a low priority REJECT rule so that clients can detect when
# they've been rejected
# The alternative of setting a default DROP policy will leave them
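Review bot: The added `Run command` task in the second hunk (`@@ -89,6 +89,12 @@`) passes `ansible.builtin.command` a list of two complete command lines and is followed by a bare `-`. The module accepts one command per task, so this should fail to parse instead of installing either rule, and the stray `-` adds an empty list item. Both direct rules match `-s 192.0.0.0/8`, which is far wider than the RFC 1918 block `192.168.0.0/16`, and the second has no `--dport`, so it accepts all outbound TCP from that range and makes the port-80 rule redundant. If egress is meant to be restricted, narrow the source and drop the second rule. If the direct rules stay, run one per item with `ansible.builtin.command: "{{ item }}"`, a `loop:` and a `changed_when:`, and reload firewalld so the `--permanent` rules take effect. Indentation is lost in this view, so it cannot be confirmed whether the task sits at task level or inside the rich-rules list.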
