diff options
| author | Daniel Vigueras <dvigueras@doalitic.com> | 2015-11-02 10:36:58 +0100 |
|---|---|---|
| committer | Daniel Vigueras <dvigueras@doalitic.com> | 2015-11-02 10:55:54 +0100 |
| commit | b0278c1f6a0b84c0a91b020c5a5405473924fe1d (patch) | |
| tree | 1ce334a1230c28df22886c79d0abb5ca443c39f0 /system/iptables.py | |
| parent | ed1cf0ecc218d67c44c64f91762e464e998c35da (diff) | |
| download | ansible-modules-extras-b0278c1f6a0b84c0a91b020c5a5405473924fe1d.tar.gz | |
Add conntrack module ctstate support to iptables
Diffstat (limited to 'system/iptables.py')
| -rw-r--r-- | system/iptables.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/system/iptables.py b/system/iptables.py index 726a5d7e..59dc187c 100644 --- a/system/iptables.py +++ b/system/iptables.py @@ -203,6 +203,12 @@ options: description: - "This specifies a comment that will be added to the rule" required: false + ctstate: + description: + - "ctstate is a comma separated list of the connection states to match in + the conntrack module. Possible states are: 'INVALID', 'NEW', + 'ESTABLISHED', 'RELATED', 'UNTRACKED', 'SNAT', 'DNAT'" + required: false ''' EXAMPLES = ''' @@ -213,6 +219,10 @@ EXAMPLES = ''' # Forward port 80 to 8600 - iptables: table=nat chain=PREROUTING in_interface=eth0 protocol=tcp match=tcp destination_port=80 jump=REDIRECT to_ports=8600 comment="Redirect web traffic to port 8600" become: yes + +# Allow related and established connections +- iptables: chain=INPUT ctstate=ESTABLISHED,RELATED jump=ACCEPT + become: yes ''' @@ -230,6 +240,12 @@ def append_comm(rule, param): rule.extend(['comment']) +def append_conntrack(rule, param): + if param: + rule.extend(['-m']) + rule.extend(['conntrack']) + + def construct_rule(params): rule = [] append_param(rule, params['protocol'], '-p', False) @@ -247,6 +263,8 @@ def construct_rule(params): append_param(rule, params['to_ports'], '--to-ports', False) append_comm(rule, params['comment']) append_param(rule, params['comment'], '--comment', False) + append_conntrack(rule, params['ctstate']) + append_param(rule, params['ctstate'], '--ctstate', False) return rule @@ -296,6 +314,7 @@ def main(): destination_port=dict(required=False, default=None, type='str'), to_ports=dict(required=False, default=None, type='str'), comment=dict(required=False, default=None, type='str'), + ctstate=dict(required=False, default=None, type='str'), ), ) args = dict( |