fix(iptables-ipset): ensure to create ipset lists and notify
juju4 committed Nov 25, 2023
1 parent 5c7ea4e commit 4ceb5a3
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions tasks/iptables-ipset.yml
Expand Up @@ -13,12 +13,27 @@
src: ipsets.conf.j2
dest: /etc/ipsets.conf
mode: '0644'
notify:
- Ipset restore

- name: Check existing lists
ansible.builtin.command: "ipset list"
changed_when: false
register: ipset

- name: Create ipset list
ansible.builtin.command: "ipset create {{ item.n }} {{ item.t }}"
loop: "{{ harden_ipset_list }}"
when: "item.n not in ipset"
register: ipset_create
changed_when:
- ipset_create.rc == 0
failed_when:
- ipset_create.rc != 0
- "'set with the same name already exists' not in ipset_create.stderr"
notify:
- Ipset restore

- name: Configure ipsets
ansible.builtin.template:
src: "{{ harden_iptables_ipset_template | default('ipsets.conf.j2') }}"
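Review bot: `when: "item.n not in ipset"` in the "Create ipset list" task tests membership against the keys of the registered result dict (`rc`, `stdout`, `stderr`, …), not against the command output, so the condition is effectively always true and `ipset create` is attempted for every item on every run; the play only stays green because `failed_when` excuses the "set with the same name already exists" error. Make the check use the output, and ask ipset for bare names so a partial match such as `blocklist` in `blocklist2` cannot pass: `ansible.builtin.command: "ipset list -n"` in the check task and `when: item.n not in ipset.stdout_lines` in the create task (the `-n` flag is available in ipset 6.x; confirm against the role's supported distributions). Note also that a set which already exists with a type different from `item.t` produces the same "already exists" message and is silently accepted; a comment such as `# NOTE: an existing set with a different type is not detected or recreated here` above `failed_when` would make that limitation explicit. Since `ansible.builtin.command` splits its string with shlex, `{{ item.n | quote }} {{ item.t | quote }}` would also keep a name or type containing whitespace from becoming extra arguments, though these values appear to come from role variables rather than untrusted input.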
