From 810b11fd42ecb8d5ec910f84c228b21264759651 Mon Sep 17 00:00:00 2001
From: Julien Muchembled <jm@nexedi.com>
Date: Wed, 21 Sep 2016 19:46:41 +0200
Subject: [PATCH] playbook: do not touch the firewall

---
 playbook/roles/re6stnet/files/ip6tables | 16 ----------------
 playbook/roles/re6stnet/tasks/main.yml  | 10 ++--------
 2 files changed, 2 insertions(+), 24 deletions(-)
 delete mode 100644 playbook/roles/re6stnet/files/ip6tables

diff --git a/playbook/roles/re6stnet/files/ip6tables b/playbook/roles/re6stnet/files/ip6tables
deleted file mode 100644
index d2fb6b9e..00000000
--- a/playbook/roles/re6stnet/files/ip6tables
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-if [ -f /sbin/ip6tables ]; then
-  if [ 0 -ne `ip6tables -L | grep -E "(DROP|REJECT)" | wc -l` ]; then
-    ip6tables -P FORWARD ACCEPT
-    ip6tables -I OUTPUT 1 -p udp --dport 6696 -j ACCEPT
-    ip6tables -I OUTPUT 2 -p udp --dport 326 -j ACCEPT
-    ip6tables -I INPUT 1 -p udp --dport 6696 -j ACCEPT
-    ip6tables -I INPUT 2 -p udp --dport 326 -j ACCEPT
-    echo "Updated firewall, openned ports 6696 and 326."
-  else
-    echo "OK (firewall is disabled)"
-  fi
-else
-  echo "OK (no ip6tables found)"
-fi
diff --git a/playbook/roles/re6stnet/tasks/main.yml b/playbook/roles/re6stnet/tasks/main.yml
index 693861f8..fc981c82 100644
--- a/playbook/roles/re6stnet/tasks/main.yml
+++ b/playbook/roles/re6stnet/tasks/main.yml
@@ -39,14 +39,8 @@
     copy: src=centos_6_init_d dest=/etc/init.d/re6stnet mode=755
     when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6' and recheck_re6stnet_conf.stat.exists == True
 
-  - name: Add script for check ip6tables well configured
-    copy: src=ip6tables dest=/usr/bin/re6stnet-ip6tables-check mode=755
-
-  - name: Run re6stnet-ip6tables-check
-    shell: /usr/bin/re6stnet-ip6tables-check
-
-  - name: Include re6stnet-ip6tables-check at reboot on cron
-    cron: name="ip6tables at reboot" special_time=reboot job="sleep 20 && /usr/bin/re6stnet-ip6tables-check"
+  - file: path=/usr/bin/re6stnet-ip6tables-check state=absent
+  - cron: name="ip6tables at reboot" state=absent
 
   - include: tcp_nodelay.yml
 
-- 
2.30.9