I am currently looking into Ansible to store my configurations and deploy services more easily.

I have a couple of iptables rules in /etc/iptables/rules.v4, which I can easily restore. Meanwhile, Ansible has an iptables role for configurations - hence, I am confused about what approach to take.

How do I persist these rules, especially across reboots? Should I rerun Ansible every time on each reboot? I am at a loss on how to best manage iptables, as other services can interact with it. How do you folks handle this? Thanks in advance!

  • @[email protected]OP
    14 months ago

    Thank you! Templating rules.v4 is a pretty attractive option. Though my VPS has some portions of the file which should be unmodified, so I would have to avoid this method.

    • Matt The Horwood
      24 months ago

      That’s the point of the template: you change the bits that need changing, and the bits that are static get templated.

      • @[email protected]OP
        4 months ago

        How do I keep some of the existing firewall rules (which are dependent on the host) in the remote file, and change the other parts?

          • Matt The Horwood
            14 months ago

            The way I have my file, is a load of default stuff. Like block windows ports and allow SSH.

            With a for loop that adds stuff for a specific host, like allow http/s for the web server.
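
The layout described in the last reply (shared defaults plus a per-host loop), sketched as an added example that is not taken from any poster's own playbook. The variable name `fw_extra_tcp_ports`, the host selection and the sample rules are assumptions, and it assumes netfilter-persistent is what loads /etc/iptables/rules.v4 at boot, so Ansible does not need to rerun after a reboot.

```yaml
# Added example: one rules.v4 rendered from static defaults plus per-host rules.
# fw_extra_tcp_ports is a hypothetical variable name; the rules are constructed samples.
- hosts: all
  become: true
  vars:
    # Default: no extra ports. Override per host, e.g. in
    # host_vars/<web server>.yml:  fw_extra_tcp_ports: [80, 443]
    fw_extra_tcp_ports: []
  tasks:
    - name: Render /etc/iptables/rules.v4 from defaults plus per-host rules
      ansible.builtin.copy:
        dest: /etc/iptables/rules.v4
        owner: root
        group: root
        mode: "0600"
        # Parse the candidate file first; a broken ruleset is never installed.
        validate: iptables-restore --test %s
        content: |
          *filter
          :INPUT DROP [0:0]
          :FORWARD DROP [0:0]
          :OUTPUT ACCEPT [0:0]
          # Static part, identical on every host
          -A INPUT -i lo -j ACCEPT
          -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
          -A INPUT -p tcp --dport 22 -j ACCEPT
          # Host-specific part, driven by host_vars
          {% for port in fw_extra_tcp_ports %}
          -A INPUT -p tcp --dport {{ port }} -j ACCEPT
          {% endfor %}
          COMMIT
      notify: Reload iptables

  handlers:
    # Runs only when the rendered file actually changed.
    - name: Reload iptables
      ansible.builtin.command: iptables-restore /etc/iptables/rules.v4
```

Because `iptables-restore` replaces the whole filter table, rules that other services insert at runtime are dropped by the reload until those services add them again.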