---
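- name: Netmaster IPtables | Add internal rules
  # One ACCEPT rule per (port/protocol, peer node) pair. No rule_num is given,
  # so each insert lands at the head of INPUT, ahead of any existing rules.
  # NOTE(review): the iptables module is expected to look for the rule before
  # inserting, so re-runs should not duplicate it — confirm on a second run.
  iptables:
    action: insert
    chain: INPUT
    # Parsed from the contiv_netmaster_internal list, this will be tcp or udp.
    protocol: "{{ item[0].split('/')[1] }}"
    match: "{{ item[0].split('/')[1] }}"
    # Parsed from the contiv_netmaster_internal list, this will be a port number.
    destination_port: "{{ item[0].split('/')[0] }}"
    # An inventory name taken from oo_nodes_to_config. When that is a DNS name
    # rather than an address, iptables resolves it at insert time, so the ACCEPT
    # is for whatever the name resolved to then — keep those names trustworthy.
    source: "{{ item[1] }}"
    jump: ACCEPT
    comment: contiv
  with_nested:
    - "{{ contiv_netmaster_internal }}"
    # Every node except this host. difference() takes a list on the right; the
    # original passed the bare address string, which Ansible's filter treats as
    # `x not in "<addr>"` — a substring test that would also silently drop any
    # node whose inventory name is a prefix of this host's address. Wrapping it
    # in a list makes the exclusion an exact match. The exclusion only bites
    # when inventory names are addresses; with hostnames this host simply keeps
    # an ACCEPT for itself, which is harmless.
    - "{{ groups.oo_nodes_to_config|difference([hostvars[inventory_hostname]['ansible_' + contiv_netmaster_interface].ipv4.address])|list }}"
  notify: Save iptables rules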

- name: Netmaster IPtables | Add external rules
  # Open every "<port>/<proto>" entry in contiv_netmaster_external to ANY source
  # address: no source is set, so these ports are reachable from wherever the
  # host is reachable. Keep this list to what genuinely must be public.
  # NOTE(review): ip_version is not set, so this only touches the IPv4 chain —
  # confirm whether ip6tables needs matching rules on dual-stack hosts.
  iptables:
    chain: INPUT
    # Inserted at the head of INPUT (no rule_num), ahead of any existing rules.
    action: insert
    jump: ACCEPT
    comment: contiv
    # Left of the slash is the port, right of it the protocol (tcp or udp).
    destination_port: '{{ item.split("/")[0] }}'
    protocol: '{{ item.split("/")[1] }}'
    # The match module is the protocol name, so destination_port applies.
    match: '{{ item.split("/")[1] }}'
  with_items: '{{ contiv_netmaster_external }}'
  notify: Save iptables rules