authorclarkzjw <[email protected]>2023-02-08 00:40:09 -0800
committerclarkzjw <[email protected]>2023-02-08 00:40:09 -0800
commit1204730924436ef9e1c7c49c9557837f9a5ed0e8 (patch)
tree129d79dfd11245751cee6d4082ff5d2f6e941610 /ansible/roles/disableFirewall/tasks
parent9635ac4dedf69de5bff65785bcc16bef80b52d75 (diff)
Diffstat (limited to 'ansible/roles/disableFirewall/tasks')
-rw-r--r--ansible/roles/disableFirewall/tasks/main.yml22
1 files changed, 22 insertions, 0 deletions
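diff --git a/ansible/roles/disableFirewall/tasks/main.yml b/ansible/roles/disableFirewall/tasks/main.yml
new file mode 100644
index 0000000..9454702
--- /dev/null
+++ b/ansible/roles/disableFirewall/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+# Our mail systems only listen to SMTP(S) and IMAP(S)
+# so we can disable all firewalls
+# This stops ufw, then uninstalls ufw and iptables (and ip6tables)
+- name: remove firewall
+ apt:
+ name: iptables
+ state: absent
+ register: firewallKaboom
+
+# removing iptables doesn't actually stop iptables processing,
+# so let's force remove all packet processing from the kernel itself here
+# TODO: this conditional could be better. would be nice if we had a fact
+# of loaded kernel modules to query the presence/absence of
+- name: unload firewall
+ command: modprobe -r ip6table_filter iptable_filter ip6_tables ip_tables x_tables
+ when: firewallKaboom.changed
+
+- name: disable iptables from reappearing in the future
+ copy:
+ src: modprobe.d/
+ dest: /etc/modprobe.d/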
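Review bot: The "unload firewall" task (new lines 15-17) is gated on `firewallKaboom.changed`, so it runs only on the play that removes the package; if `modprobe -r` fails that one time (for instance because another module still holds `x_tables`), every later run skips it and the filter modules would stay loaded with no error reported. Replacing the `command` with the `community.general.modprobe` module and `state: absent`, looped over the same module names in the same order, lets each run check the loaded state itself and resolves the TODO about the conditional. The header comment says the role stops and uninstalls ufw, but the only package named is `iptables`, so ufw would go away only as a dependency side effect, if at all; either name it explicitly or reword the comment. The premise that these hosts listen only on SMTP(S) and IMAP(S) is not checked anywhere in the role, so it is worth stating in the comment that any other listener (presumably including the SSH daemon Ansible connects through) becomes reachable once filtering is gone. The `copy` into `/etc/modprobe.d/` should also set `owner: root`, `group: root` and `mode: "0644"` rather than rely on defaults.

```yaml
- name: unload firewall
  community.general.modprobe:
    name: "{{ item }}"
    state: absent
  # dependents first, x_tables last, same order as the original command
  loop:
    - ip6table_filter
    - iptable_filter
    - ip6_tables
    - ip_tables
    - x_tables
```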