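---
# Router/NAT tasks: enable IPv4 forwarding, install iptables-persistent,
# flush the filter chains, discover the WAN interface from the default route,
# then add MASQUERADE and FORWARD ACCEPT rules for 10.10.0.0/16 and persist
# the result with netfilter-persistent.
#
# NOTE(review): only ACCEPT rules are added below. Whether any other traffic
# is forwarded depends on the FORWARD chain's default policy, which this file
# does not set; with a default ACCEPT policy every packet is forwarded no
# matter what these rules say. Set the policy explicitly where that matters.

- name: Aktiviere IPv4 Forwarding (Kernel)
  ansible.builtin.sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_set: true
    state: present
    reload: true

- name: Installiere iptables-persistent
  ansible.builtin.apt:
    name: iptables-persistent
    state: present

# Flushing INPUT and OUTPUT also removes any host-protecting rules that were
# present; the tasks below only repopulate FORWARD and nat/POSTROUTING.
- name: Spüle existierende IPTables Regeln
  ansible.builtin.iptables:
    chain: "{{ item }}"
    flush: true
  loop:
    - INPUT
    - FORWARD
    - OUTPUT

# `set -o pipefail` makes a failing `ip route` fail the task instead of being
# masked by awk's exit status; bash is needed for that option.
- name: Ermittle WAN Interface
  ansible.builtin.shell: set -o pipefail && ip route show default | awk '/default/ {print $5}'
  args:
    executable: /bin/bash
  register: wan_interface
  changed_when: false

# With no default route the lookup yields an empty string, which would turn
# the interface-bound rules below into rules matching every interface.
# Stop the play instead of silently widening the rule set.
- name: Prüfe WAN Interface
  ansible.builtin.assert:
    that:
      - wan_interface.stdout_lines | length > 0
    fail_msg: "Kein Interface fuer die Default-Route gefunden"

# `first` handles hosts with several default routes (one line per route);
# the plain `stdout` would contain a newline and break the iptables call.
- name: Aktiviere Masquerading (NAT) auf dem WAN Interface
  ansible.builtin.iptables:
    table: nat
    chain: POSTROUTING
    out_interface: "{{ wan_interface.stdout_lines | first }}"
    jump: MASQUERADE

- name: Erlaube Forwarding für internes Netz (10.10.0.0/16)
  ansible.builtin.iptables:
    chain: FORWARD
    source: 10.10.0.0/16
    destination: 10.10.0.0/16
    jump: ACCEPT

# Return traffic for connections that were already accepted; appended before
# the NEW rule so it is evaluated first.
- name: Erlaube Forwarding von Intern ins Internet (Established)
  ansible.builtin.iptables:
    chain: FORWARD
    ctstate: ESTABLISHED,RELATED
    jump: ACCEPT

- name: Erlaube Forwarding von Intern ins Internet (New)
  ansible.builtin.iptables:
    chain: FORWARD
    source: 10.10.0.0/16
    out_interface: "{{ wan_interface.stdout_lines | first }}"
    jump: ACCEPT

# No shell features are needed here, so `command` avoids an unnecessary shell.
- name: Speichere IPTables Regeln dauerhaft
  ansible.builtin.command: netfilter-persistent save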