1 files changed, 13 insertions, 0 deletions
diff --git a/ansible/roles/disableFirewall/files/modprobe.d/blacklist-iptables.conf b/ansible/roles/disableFirewall/files/modprobe.d/blacklist-iptables.conf
new file mode 100644
index 0000000..4655374
--- /dev/null
+++ b/ansible/roles/disableFirewall/files/modprobe.d/blacklist-iptables.conf
@@ -0,0 +1,13 @@
+# Don't load iptables on startup (or ever)!
+# These look weird, but the 'blacklist' command still allows
+# module insertion.
+#
+# This method defines a load-time alias so when you load the module,
+# it runs a delegated command to load the module instead, but in
+# the case of denying modules completely, just run nothing.
+install ip6table_filter /bin/true
+install iptable_filter /bin/true
+install ip6_tables /bin/true
+install ip_tables /bin/true
+install x_tables /bin/true

diff --git a/ansible/roles/disableFirewall/files/modprobe.d/blacklist-iptables.conf b/ansible/roles/disableFirewall/files/modprobe.d/blacklist-iptables.conf new file mode 100644 index 0000000..4655374 --- /dev/null +++ b/ansible/roles/disableFirewall/files/modprobe.d/blacklist-iptables.conf
@@ -0,0 +1,13 @@
	1	# Don't load iptables on startup (or ever)!
	2
	3	# These look weird, but the 'blacklist' command still allows
	4	# module insertion.
	5	#
	6	# This method defines a load-time alias so when you load the module,
	7	# it runs a delegated command to load the module instead, but in
	8	# the case of denying modules completely, just run nothing.
	9	install ip6table_filter /bin/true
	10	install iptable_filter /bin/true
	11	install ip6_tables /bin/true
	12	install ip_tables /bin/true
	13	install x_tables /bin/true