firewall rules for postgresql and redis

2022-10-06 22:29:53 +02:00 · 2022-10-06 22:29:53 +02:00 · 10f4f4863a
commit 10f4f4863a
parent 73b5b7b867
2 changed files with 43 additions and 1 deletions
--- a/start-server/tasks/main.yml
+++ b/start-server/tasks/main.yml
@ -46,4 +46,24 @@

 - name: debug output
  debug: 
-    var: output
+    var: output
+
+- name: Allow port postgresql 
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: 54321
+    jump: ACCEPT
+    state: present
+  become: yes
+  become_method: sudo
+
+- name: Allow port redis 
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: 63791
+    jump: ACCEPT
+    state: present
+  become: yes
+  become_method: sudo
--- a/stop-server/tasks/main.yml
+++ b/stop-server/tasks/main.yml
@ -1,6 +1,27 @@
 ---
 # tasks file for server

+- name: Disallow port postgresql 
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: 54321
+    jump: ACCEPT
+    state: absent
+  become: yes
+  become_method: sudo
+
+
+- name: Disallow port redis 
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: 63791
+    jump: ACCEPT
+    state: absent
+  become: yes
+  become_method: sudo
+
 - name: Stopping existing service
  community.docker.docker_compose:
    project_src: /home/valentin/db
@ -11,3 +32,4 @@
 - name: Debug output
  debug:
    var: output
+