arillso.system.iptables role – Manage iptables rules
Note
This role is part of the arillso.system collection (version 0.0.34). It is not included in ansible-core.
To check whether it is installed, run: ansible-galaxy collection list
To install it, use: ansible-galaxy collection install arillso.system
To use it in a playbook, specify: arillso.system.iptables
Entry point main – Manage iptables rules
Synopsis
Manage iptables rules including creation, modification, and deletion.
Parameters
| Parameter | Comments |
|---|---|
| | List of iptables rules to be managed. Each item in the list is a dict that specifies the parameters of one rule. Default: |
| | Action to perform on the rule (append, insert, delete). Default: |
| | Chain to which the rule is added (e.g., INPUT, FORWARD, OUTPUT). |
| | Comment associated with the rule. |
| | Destination address or network to match. |
| | Single destination port to match. |
| | Target chain to jump to for the ‘GOTO’ action. |
| | Incoming interface to match (e.g., eth0). |
| | Target chain to jump to for the ‘JUMP’ action. |
| | Outgoing interface to match (e.g., eth1). |
| | Network protocol to match (e.g., tcp, udp, icmp). |
| | Source address or network to match. |
| | Single source port to match. |
| | State of the rule (e.g., present, absent). Default: |
| | Table the rule applies to (e.g., filter, nat). Default: |
Entry point modify_iptables – Manage iptables rules
Synopsis
Manage iptables rules including creation, modification, and deletion.
Parameters
| Parameter | Comments |
|---|---|
| | Action to perform on the rule (append, insert, delete). Default: |
| | Name of the iptables chain to modify (e.g., INPUT, FORWARD, OUTPUT). Default: |
| | Comment associated with the rule. |
| | Connection tracking states to match (e.g., NEW, ESTABLISHED). |
| | Destination address or network to match. |
| | Single destination port to match. |
| | Range or multiple destination ports to match. |
| | Destination address range to match. |
| | Custom flags to match. |
| | Set of flags to match. |
| | Flush rules in the specified chain. Choices: |
| | Match fragmented packets. Choices: |
| | Gateway to use for redirected packets. |
| | Group ID to match for ownership. |
| | Target chain to jump to for the ‘GOTO’ action. |
| | ICMP type to match. |
| | Incoming interface to match (e.g., eth0). |
| | IP version to use (ipv4, ipv6). |
| | Target chain to jump to for the ‘JUMP’ action. |
| | Rate limit matching for a rule. |
| | Maximum burst allowed before the limit rule applies. |
| | Log level for logging rule matches. |
| | Prefix for log messages. |
| | Match criteria for the rule. |
| | Match set for the ‘ipset’ match. |
| | Flags for the ‘ipset’ match. |
| | Outgoing interface to match (e.g., eth1). |
| | Policy to set on the chain (e.g., ACCEPT, DROP). |
| | Network protocol to match (e.g., tcp, udp, icmp). |
| | Option for rejecting packets. |
| | Rule number at which to insert or delete a specific rule. |
| | Set packet and byte counters for a rule. |
| | Set the DSCP mark in the IP header. |
| | Set the DSCP class in the IP header. |
| | Source address or network to match. |
| | Single source port to match. |
| | Source address range to match. |
| | State of the rule (present, absent). Default: |
| | Match SYN packets. Choices: |
| | Table the rule applies to (e.g., filter, nat). Default: |
| | TCP flags to match. |
| | Target IP address for DNAT/SNAT. |
| | Target port(s) for DNAT/SNAT. |
| | Source IP address for SNAT. |
| | User ID to match for ownership. |
| | Wait time for the xtables lock. |
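The parameter lists for both entry points above describe the options of an iptables rule (chain, protocol, connection-tracking state, rate limit, log prefix, jump target, state) without showing how they combine into a rule set. The playbook below is an added example, not part of the arillso.system collection or its documentation. Because the role's own variable names are not captured on this page, it applies each rule dict with ansible.builtin.iptables, whose parameter names match the options listed under modify_iptables (the assumption here is that the role passes these options through to that module). The host group, management network and ports are constructed placeholders.

```yaml
# Added example, not the collection's own playbook. Host group, addresses
# and ports are constructed; adjust to the environment before use.
- name: Host firewall baseline with ordered rules and a logged default-drop
  hosts: firewall_hosts            # constructed inventory group
  become: true
  vars:
    mgmt_net: 10.0.10.0/24         # constructed management network
    # Each item mirrors the rule dict shape the 'main' entry point takes:
    # a chain plus match fields and a jump target. Order is significant.
    firewall_rules:
      - chain: INPUT
        in_interface: lo
        jump: ACCEPT
        comment: "allow loopback"
      - chain: INPUT
        ctstate: [ESTABLISHED, RELATED]
        jump: ACCEPT
        comment: "allow replies to connections this host opened"
      - chain: INPUT
        protocol: tcp
        source: "{{ mgmt_net }}"
        destination_port: "22"
        ctstate: [NEW]
        limit: "5/minute"          # rate limit new SSH connections
        limit_burst: "10"
        jump: ACCEPT
        comment: "rate-limited SSH from the management network only"
      - chain: INPUT
        protocol: tcp
        destination_port: "443"
        ctstate: [NEW]
        jump: ACCEPT
        comment: "public HTTPS"
      - chain: INPUT
        jump: LOG
        log_prefix: "IPT-INPUT-DROP: "
        log_level: warning
        limit: "3/minute"          # keep the log rule from flooding syslog
        comment: "log whatever falls through to the DROP policy"

  tasks:
    - name: Append rules in list order (accept rules must precede the LOG rule)
      ansible.builtin.iptables:
        table: filter
        chain: "{{ item.chain }}"
        action: append
        state: present
        protocol: "{{ item.protocol | default(omit) }}"
        source: "{{ item.source | default(omit) }}"
        in_interface: "{{ item.in_interface | default(omit) }}"
        destination_port: "{{ item.destination_port | default(omit) }}"
        ctstate: "{{ item.ctstate | default(omit) }}"
        limit: "{{ item.limit | default(omit) }}"
        limit_burst: "{{ item.limit_burst | default(omit) }}"
        jump: "{{ item.jump }}"
        log_prefix: "{{ item.log_prefix | default(omit) }}"
        log_level: "{{ item.log_level | default(omit) }}"
        comment: "{{ item.comment | default(omit) }}"
        wait: "10"                 # wait for the xtables lock instead of failing
      loop: "{{ firewall_rules }}"
      loop_control:
        label: "{{ item.comment | default(item.chain) }}"

    - name: Switch INPUT to default DROP only after the accept rules exist
      ansible.builtin.iptables:
        table: filter
        chain: INPUT
        policy: DROP

    - name: Retire a rule no longer needed (state absent matches on the same fields)
      ansible.builtin.iptables:
        table: filter
        chain: INPUT
        protocol: tcp
        destination_port: "8080"
        jump: ACCEPT
        state: absent
```

Two ordering points matter for a safe rollout. The ESTABLISHED,RELATED accept and the management-network SSH rule are appended before the chain policy is changed to DROP, so an Ansible session running over SSH keeps its connection when the policy flips. The LOG rule sits last among the appended rules and carries its own limit, so the default-drop is visible in syslog under the IPT-INPUT-DROP prefix without a scan being able to fill the disk with log lines. The final task shows that removal works by restating the identifying fields with state absent rather than by rule number, which keeps the play idempotent when other rules shift positions.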