33 lines
1.4 KiB
YAML
33 lines
1.4 KiB
YAML
---
|
|
|
|
- name: Load iptables FTP helper
|
|
copy: content="nf_conntrack_ftp" dest=/etc/modules-load.d/freepbx.conf
|
|
notify: restart systemd-modules-load
|
|
tags: fpbx
|
|
|
|
- name: Handle FreePBX ports
|
|
iptables_raw:
|
|
name: "{{ item.name }}"
|
|
state: "{{ (item.src | length > 0 and (item.tcp_ports | length > 0 or item.udp_ports | length > 0)) | ternary('present','absent') }}"
|
|
rules: "{% if item.tcp_ports is defined and item.tcp_ports | length > 0 %}-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ item.tcp_ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT\n{% endif %}
|
|
{% if item.udp_ports is defined and item.udp_ports | length > 0 %}-A INPUT -m state --state NEW -p udp -m multiport --dports {{ item.udp_ports | join(',') }} -s {{ item.src | join(',') }} -j ACCEPT{% endif %}"
|
|
when: iptables_manage | default(True)
|
|
loop:
|
|
- name: fpbx_mgm_ports
|
|
tcp_ports: "{{ fpbx_mgm_tcp_ports }}"
|
|
udp_ports: "{{ fpbx_mgm_udp_ports }}"
|
|
src: "{{ fpbx_mgm_src_ip }}"
|
|
- name: fpbx_voip_ports
|
|
tcp_ports: "{{ fpbx_voip_tcp_ports }}"
|
|
udp_ports: "{{ fpbx_voip_udp_ports }}"
|
|
src: "{{ fpbx_voip_src_ip }}"
|
|
- name: fpbx_http_ports
|
|
tcp_ports: "{{ fpbx_http_ports }}"
|
|
src: "{{ fpbx_http_src_ip }}"
|
|
- name: fpbx_prov_ports
|
|
tcp_ports: "{{ fpbx_prov_tcp_ports }}"
|
|
udp_ports: "{{ fpbx_prov_udp_ports }}"
|
|
src: "{{ fpbx_prov_src_ip }}"
|
|
tags: fpbx,firewall
|
|
|