this post was submitted on 10 Apr 2025
27 points (96.6% liked)

I am currently looking into Ansible to store my configurations and deploy services more easily.

I have a couple of iptables rules in /etc/iptables/rules.v4, which I can easily restore. Meanwhile, Ansible has an iptables role for configurations - hence, I am confused about what approach to take.

How do I persist these rules, especially across reboots? Should I rerun Ansible every time on each reboot? I am at a loss on how to best manage iptables, as other services can interact with it. How do you folks handle this? Thanks in advance!

[–] non_burglar@lemmy.world 2 points 1 year ago (1 children)

Generally, you set up a rule + command playbook, where the command invokes the iptables-save command.

[–] DasFaultier@sh.itjust.works 2 points 1 year ago (1 children)

Yeah, ansible.builtin.iptables makes the changes and the task then notifies a handler to invoke iptables-save.

[–] non_burglar@lemmy.world 1 points 1 year ago (1 children)

There's a bunch of posts about the iptables-save function of the built-in iptables module not working in many cases, so I figured it was a safer bet to suggest the playbook include an actual command invocation.

In my personal experience, the module doesn't actually save the persistent rule in about half the cases. I haven't looked into it much, but it seems to happen more on systems where systemd iptables-firewall is present. (Not trying to start a flame war)

[–] DasFaultier@sh.itjust.works 1 points 1 year ago

Sorry for being unclear, that's what I meant. Set rules using the Ansible module, make them persistent by notifying a handler that makes a cmd call.
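
The pattern the thread settles on (rules set with ansible.builtin.iptables, persisted by a handler that runs iptables-save), sketched as an added example that is not from any commenter. It assumes a Debian/Ubuntu host where the iptables-persistent package restores /etc/iptables/rules.v4 at boot; the inventory group and the two rules are constructed samples.

```yaml
# Added example, not from the thread. Assumes Debian/Ubuntu, where the
# iptables-persistent package loads /etc/iptables/rules.v4 at boot.
- name: Manage and persist iptables rules
  hosts: firewalls          # hypothetical inventory group
  become: true

  tasks:
    - name: Install the package that reloads saved rules at boot
      ansible.builtin.apt:
        name: iptables-persistent
        state: present

    - name: Allow established and related traffic (sample rule)
      ansible.builtin.iptables:
        chain: INPUT
        ctstate: [ESTABLISHED, RELATED]
        jump: ACCEPT
      notify: Save iptables rules

    - name: Allow inbound SSH (sample rule)
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "22"
        ctstate: [NEW]
        jump: ACCEPT
      notify: Save iptables rules

    - name: Ensure the restore service is enabled at boot
      ansible.builtin.service:
        name: netfilter-persistent
        enabled: true

  handlers:
    # Runs once at the end of the play, and only if a rule task reported "changed".
    - name: Save iptables rules
      ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4
```

With the saved file restored at boot, Ansible does not need to be rerun after a reboot. The handler dumps the whole live ruleset, so rules that other services have inserted at that moment end up in rules.v4 as well.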