From 85e6948fca954d3c066bf5a6123ada6b96adf45c Mon Sep 17 00:00:00 2001 From: Jhon Honce Date: Thu, 19 Mar 2015 15:06:38 -0700 Subject: * Add DOCKER chain to iptables --- roles/os_firewall/tasks/firewall/iptables.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'roles/os_firewall/tasks') diff --git a/roles/os_firewall/tasks/firewall/iptables.yml b/roles/os_firewall/tasks/firewall/iptables.yml index 87e77c083..3d46d6e2d 100644 --- a/roles/os_firewall/tasks/firewall/iptables.yml +++ b/roles/os_firewall/tasks/firewall/iptables.yml @@ -41,6 +41,20 @@ changed_when: "'firewalld' in result.stdout" when: pkg_check.rc == 0 +- name: Check for DOCKER chain + shell: iptables -L |grep '^Chain DOCKER' + ignore_errors: yes + register: check_for_chain + +- name: Create DOCKER chain + command: iptables -N DOCKER + register: create_chain + when: check_for_chain.rc != 0 + +- name: Persist DOCKER chain + command: service iptables save + when: create_chain.rc == 0 + - name: Add iptables allow rules os_firewall_manage_iptables: name: "{{ item.service }}" -- cgit v1.2.3