X-Git-Url: https://git.phdru.name/?a=blobdiff_plain;f=playbooks%2Fredhat%2Froles%2Ffirewall%2Ftasks%2Fmain.yml;fp=playbooks%2Fredhat%2Froles%2Ffirewall%2Ftasks%2Fmain.yml;h=c1624fd7a6948e2879629f399a8218fae0f030c6;hb=76942f35b0b978244f917e28694b78f43e8f8860;hp=0000000000000000000000000000000000000000;hpb=ef8a08206532590b791f2950c4b22b4f2f871e97;p=ansible.git
diff --git a/playbooks/redhat/roles/firewall/tasks/main.yml b/playbooks/redhat/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..c1624fd
--- /dev/null
+++ b/playbooks/redhat/roles/firewall/tasks/main.yml
@@ -0,0 +1,52 @@
+- name: Install fail2ban and iptables-services
+ become: true
+ dnf:
+ name: ['fail2ban', 'iptables-services']
+ state: latest
+ update_cache: yes
+ register: services
+
+- name: Disable firewalld
+ become: true
+ service:
+ name: firewalld.service
+ state: stopped
+ enabled: no
+
+- name: Enable fail2ban
+ become: true
+ service:
+ name: fail2ban
+ state: started
+ enabled: yes
+
+- name: Enable iptables-service
+ become: true
+ service:
+ name: iptables
+ state: started
+ enabled: yes
+
+- name: Configure firewall
+ become: true
+ copy:
+ src: etc
+ dest: /
+ owner: root
+ group: root
+ directory_mode: '0750'
+ mode: '0750'
+ force: no
+ register: etc
+
+- name: Fix permissions for /etc/network/functions
+ become: true
+ file:
+ path: /etc/network/functions.phd
+ mode: '0640'
+ register: functions
+
+- name: Start iptables
+ become: true
+ command: /etc/rc.d/init.d/iptables.sh start
+ when: services.changed or etc.changed or functions.changed
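Review bot: In the `Configure firewall` task, `force: no` makes `copy` skip every file that already exists on the target, so a later change to the ruleset under the role's `etc` tree will not reach hosts that were provisioned earlier. In that case `etc.changed` stays false, so the final `Start iptables` task is skipped as well and the host keeps running the old rules with no failure reported. If protecting local edits is the intent, say so in a comment above the task, e.g. `# force: no is deliberate: never overwrite rules edited on the host`. Otherwise drop `force: no` and add `backup: yes` so the repository remains the source of truth. Also, `mode: '0750'` applies to every copied file and only `functions.phd` is corrected afterwards, so any other non-script file in that tree would stay executable; this is worth confirming against the contents of `etc`.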