dani/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
2269974840
ansible-roles/roles/crowdsec_firewall_bouncer/tasks/iptables.yml
Daniel Berteaud 4c4556c660 Update to 2021-12-01 19:13
2021-12-01 19:13:34 +01:00

18 lines
509 B
YAML
Raw Blame History

---
- name: Ensure ipsets exist
shell: |
ipset list crowdsec-blacklists || ipset create crowdsec-blacklists nethash timeout 300
ipset list crowdsec6-blacklists || ipset create crowdsec6-blacklists nethash timeout 300 family inet6
changed_when: False
tags: cs
- name: Add DROP rules
iptables_raw:
name: cs_blacklist
weight: 9
rules: |
-A INPUT -m set --match-set crowdsec-blacklists src -j DROP
-A FORWARD -m set --match-set crowdsec-blacklists src -j DROP
tags: cs
Reference in New Issue View Git Blame Copy Permalink