Comment out ufw rules

Thomas Kleinendorst 2024-04-15 09:50:33 +02:00
parent 2502d034d9
commit 690b2d56d8
3 changed files with 77 additions and 81 deletions


@ -74,29 +74,29 @@
- name: Debug
ansible.builtin.debug:
msg: "Don't forget to manually add a DNS record for pi-hole.kleinendorst.info pointing to: {{ ansible_facts['default_ipv4']['address'] }}."
- name: Add forwarding rules for ufw
become: true
ansible.builtin.blockinfile:
path: /etc/ufw/before.rules
insertbefore: "^\\*filter$"
block: |
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -i eth0 --dport 53 -j DNAT \ --to-destination 127.0.0.1:5053
-A PREROUTING -p udp -i eth0 --dport 53 -j DNAT \ --to-destination 127.0.0.1:5053
COMMIT
notify: Restart ufw
- name: Allow all access to port 53 (udp)
become: true
community.general.ufw:
rule: allow
port: '53'
proto: udp
notify: Restart ufw
- name: Allow all access to port 53 (tcp)
become: true
community.general.ufw:
rule: allow
port: '53'
proto: tcp
notify: Restart ufw
# - name: Add forwarding rules for ufw
# become: true
# ansible.builtin.blockinfile:
# path: /etc/ufw/before.rules
# insertbefore: "^\\*filter$"
# block: |
# *nat
# :PREROUTING ACCEPT [0:0]
# -A PREROUTING -p tcp -i eth0 --dport 53 -j DNAT \ --to-destination 127.0.0.1:5053
# -A PREROUTING -p udp -i eth0 --dport 53 -j DNAT \ --to-destination 127.0.0.1:5053
# COMMIT
# notify: Restart ufw
# - name: Allow all access to port 53 (udp)
# become: true
# community.general.ufw:
# rule: allow
# port: '53'
# proto: udp
# notify: Restart ufw
# - name: Allow all access to port 53 (tcp)
# become: true
# community.general.ufw:
# rule: allow
# port: '53'
# proto: tcp
# notify: Restart ufw
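Review bot: Commenting out the three tasks (the `# - name: Add forwarding rules for ufw` block and the two `# - name: Allow all access to port 53` blocks) stops Ansible from managing these rules but does not undo them. A host that already ran the role keeps the `*nat` block in `/etc/ufw/before.rules` and both port 53 `allow` rules, so its firewall state no longer matches what the playbook shows. If the intent is to withdraw the rules, keep the tasks active with `state: absent` on the `ansible.builtin.blockinfile` task and `delete: true` on the two `community.general.ufw` tasks. If this is only a temporary switch, a `when:` on a role variable states that explicitly. In either case, delete the commented-out block and put the reason in the commit message; the history already preserves the old tasks.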