Commit 0ecb14bf authored by Rafael Monnerat's avatar Rafael Monnerat

playbook: Include a script for open firewall.

parent 45b088b6
#!/bin/bash
if [ -f /sbin/ip6tables ]; then
if [ 0 -ne `ip6tables -L | grep -E "(DROP|REJECT)" | wc -l` ]; then
ip6tables -P FORWARD ACCEPT
ip6tables -I OUTPUT 1 -p udp --dport 6696 -j ACCEPT
ip6tables -I OUTPUT 2 -p udp --dport 326 -j ACCEPT
ip6tables -I INPUT 1 -p udp --dport 6696 -j ACCEPT
ip6tables -I INPUT 2 -p udp --dport 326 -j ACCEPT
echo "Updated firewall, openned ports 6696 and 326."
else
echo "OK (firewall is disabled)"
fi
else
echo "OK (no ip6tables found)"
fi
...@@ -37,6 +37,13 @@ ...@@ -37,6 +37,13 @@
copy: src=centos_6_init_d dest=/etc/init.d/re6stnet mode=755 copy: src=centos_6_init_d dest=/etc/init.d/re6stnet mode=755
when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6' and recheck_re6stnet_conf.stat.exists == True when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6' and recheck_re6stnet_conf.stat.exists == True
- name: Create centos 6 init.d missing file
copy: src=ip6tables dest=/usr/bin/re6stnet-ip6tables-check mode=755
- shell: /usr/bin/re6stnet-ip6tables-check
- cron: name="ip6tables at reboot" special_time=reboot job="sleep 20 && /usr/bin/re6stnet-ip6tables-check"
- name: Start re6st-node service - name: Start re6st-node service
service: name=re6stnet state=started enabled=yes service: name=re6stnet state=started enabled=yes
when: recheck_re6stnet_conf.stat.exists == True when: recheck_re6stnet_conf.stat.exists == True
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment