使用Ansible安装部署nginx+php+mysql之配置iptables防火墙(0)

前提:

1、已配置好hosts文件且免密码登录

2、需要的yaml文件已上传到主控端

一、使用Ansible配置iptables

1、iptables.yaml文件

 1 ---
 2 - hosts: clong
 3   remote_user: root
 4   gather_facts: no
 5   tasks:
 6     # 停止系统自带的firewalld防火墙 
 7     - name: stop firewalld
 8       service: name=firewalld state=stopped
 9     # 卸载系统自带的firewalld防火墙    
10     - name: remove firewalld
11       yum: name=firewalld state=absent
12     # 安装iptables防火墙  
13     - name: install iptables
14       yum: name=iptables-services state=present
15     # 开启iptables防火墙
16     - name: enable iptables
17       service: name=iptables state=started enabled=yes  
18     # 安装libselinux-python
19     - name: install libselinux-python
20       yum: name=libselinux-python state=present
21     # iptables防火墙配置文件放行80,3306端口 
22     - name: copy iptables
23       copy: src=iptables  dest=/etc/sysconfig/iptables backup=yes owner=root group=root mode=0600
24       notify: restart iptables
25     # 重启iptables防火墙
26   handlers:
27     - name: restart iptables
28       service: name=iptables state=restarted

2、iptables文件

 1 # sample configuration for iptables service
 2 # you can edit this manually or use system-config-firewall
 3 # please do not ask us to add additional ports/services to this default configuration
 4 *filter
 5 :INPUT ACCEPT [0:0]
 6 :FORWARD ACCEPT [0:0]
 7 :OUTPUT ACCEPT [0:0]
 8 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 9 -A INPUT -p icmp -j ACCEPT
10 -A INPUT -i lo -j ACCEPT
11 -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
12 -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
13 -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
14 -A INPUT -j REJECT --reject-with icmp-host-prohibited
15 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
16 COMMIT

 

posted @ 2017-08-02 12:49  哈喽哈喽111111  阅读(1360)  评论(0编辑  收藏  举报