this post was submitted on 10 Apr 2025

I am currently looking into Ansible to store my configurations and deploy services more easily.

I have a couple of iptables rules in /etc/iptables/rules.v4, which I can easily restore. Meanwhile, Ansible has an iptables role for configurations, hence I am confused about which approach to take.

How do I persist these rules, especially across reboots? Should I rerun Ansible on each reboot? I am at a loss on how to best manage iptables, as other services can interact with it. How do you folks handle this? Thanks in advance!

[–] someacnt@sh.itjust.works 1 points 1 year ago (1 children)

Thank you! Templating rules.v4 is a pretty attractive option. Though my VPS has some portions of the file which should be unmodified, so I would have to avoid this method.

[–] mhzawadi@lemmy.horwood.cloud 2 points 1 year ago (1 children)

That's the point of the template: you change the bits that need changing, and the bits that are static get templated.

[–] someacnt@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago) (1 children)

How do I keep some of the existing firewall rules (which are dependent on the host) in the remote file, and change the other parts?

[–] polarity_inverter@startrek.website 1 points 1 year ago (2 children)

You could either copy them to the top of your template, or you could take a look at the blockinfile module.

[–] mhzawadi@lemmy.horwood.cloud 1 points 1 year ago

The way I have my file is a load of default stuff, like block Windows ports and allow SSH.

With a for loop that adds stuff for a specific host, like allow http/s for the web server.

[–] someacnt@sh.itjust.works 1 points 1 year ago

Thanks a lot! I will go with the blockinfile, sounds promising.
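
The blockinfile approach discussed in this thread, as an added example that is not from any of the posters: only a marked block inside rules.v4 is managed, the host-specific lines around it stay as they are, and the edited file is syntax-checked before it replaces the one on disk. Assumptions: a Debian/Ubuntu host where netfilter-persistent loads /etc/iptables/rules.v4 at boot (so no Ansible run is needed after a reboot), and the inventory group `vps` and variable `fw_allow_tcp_ports` are hypothetical names.

```yaml
# Added example, not from the thread. Assumes netfilter-persistent loads
# /etc/iptables/rules.v4 at boot; "vps" and fw_allow_tcp_ports are
# hypothetical names.
- name: Manage only our block inside rules.v4
  hosts: vps
  become: true
  vars:
    fw_allow_tcp_ports: [80, 443]   # set per host or group in inventory
  tasks:
    - name: Insert or update the managed rules, leave other lines untouched
      ansible.builtin.blockinfile:
        path: /etc/iptables/rules.v4
        marker: "# {mark} ANSIBLE MANAGED RULES"
        # Placed before the last COMMIT in the file; assumes *filter is the
        # last (or only) table. Rules land after the host's existing ones, so
        # an earlier DROP/REJECT in INPUT would take precedence over them.
        insertbefore: '^COMMIT$'
        block: |
          {% for port in fw_allow_tcp_ports %}
          -A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT
          {% endfor %}
        backup: true
        # Parse the candidate file without applying it; a syntax error fails
        # the task and the file on disk is not replaced.
        validate: iptables-restore --test %s
      notify: Reload iptables

  handlers:
    - name: Reload iptables
      # Replaces the contents of every table listed in the file, including
      # rules other services added to those tables at runtime.
      ansible.builtin.shell: iptables-restore < /etc/iptables/rules.v4
```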