Firewall using iptables rules
This is a simple role that installs iptables and iptables-persistent, and configures rules through a few options.
Defaults
# Default variables for iptables
---
# List of ports to open on the public interface
iptables_public_ports: [22]
# List of ports to open only to our servers
iptables_internal_hosts_only_ports: []
# Our hosts that have access to special ports
iptables_internal_hosts_ips_v4: []
iptables_internal_hosts_ips_v6: []
# List of private networks
iptables_private_networks_v4: []
iptables_private_networks_v6: []
# Chains must be explicitly listed here to get an ACCEPT policy;
# by default, only filter.input is DROP
iptables_accept_policy:
  filter: ["output", "forward"]
  nat: ["prerouting", "input", "output", "postrouting"]
# You can provide extra rules as a dict
# where the key is the comment and the value is the rule;
# rules are sorted by key in lexical order
iptables_extra_rules_filter_v4: {}
iptables_extra_rules_filter_v6: {}
iptables_extra_rules_nat_v4: {}
iptables_extra_rules_nat_v6: {}
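Because the extra-rule dicts are sorted by key as strings and iptables evaluates a chain top to bottom, numeric prefixes in the comment keys need zero-padding to keep the intended order. The check below is an added example, not part of the role: Python's `sorted()` stands in for the role's lexical sort, and the comment keys and rule strings are constructed assumptions, since the page does not show the expected value syntax.

```python
import re

# Constructed sample in the shape of iptables_extra_rules_filter_v4:
# key = comment, value = rule. The rule syntax is an assumption; the page
# does not show what the role expects as a value.
SAMPLE_EXTRA_RULES = {
    "9 allow ssh from bastion": "-A INPUT -s 192.0.2.10 -p tcp --dport 22 -j ACCEPT",
    "10 drop other ssh": "-A INPUT -p tcp --dport 22 -j DROP",
    "100 log remaining input": "-A INPUT -j LOG",
}

_PREFIX = re.compile(r"^(\d+)")


def lexical_order(rules):
    """Return the comments in plain string order (stand-in for the role's sort)."""
    return sorted(rules)


def intended_order(rules):
    """Return the comments ordered by numeric prefix, ties broken lexically."""
    def sort_key(comment):
        match = _PREFIX.match(comment)
        return (int(match.group(1)) if match else float("inf"), comment)
    return sorted(rules, key=sort_key)


def misordered(rules):
    """List comments whose lexical position differs from the numeric one."""
    lex, num = lexical_order(rules), intended_order(rules)
    return [c for c, n in zip(lex, num) if c != n]


def zero_pad(rules, width=3):
    """Rewrite numeric prefixes to a fixed width so both orders agree."""
    return {
        _PREFIX.sub(lambda m: m.group(1).zfill(width), comment): rule
        for comment, rule in rules.items()
    }


if __name__ == "__main__":
    print("lexical :", lexical_order(SAMPLE_EXTRA_RULES))
    print("numeric :", intended_order(SAMPLE_EXTRA_RULES))
    print("fixed   :", lexical_order(zero_pad(SAMPLE_EXTRA_RULES)))
```

With the unpadded keys the DROP for port 22 sorts ahead of the bastion ACCEPT, so the ACCEPT would never match; the padded keys restore the intended sequence.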