I am currently looking into Ansible to store my configurations and deploy services more easily.

I have a couple of iptables rules in /etc/iptables/rules.v4, which I can easily restore. Meanwhile, Ansible has an iptables role for configurations - hence, I am confused about which approach to take.

How do I persist these rules, especially across reboots? Should I rerun Ansible every time on each reboot? I am at a loss on how to best manage iptables, as other services can interact with it. How do you folks handle this? Thanks in advance!

  • non_burglar@lemmy.world
    5 days ago

    Generally, you set up a rule + command playbook, where the command invokes the iptables-save command.

      • non_burglar@lemmy.world
        4 days ago

        There’s a bunch of posts about the iptables-save function of the built-in iptables module not working in many cases, so I figured it was a safer bet to suggest the playbook include an actual command invocation.

        In my personal experience, the module doesn’t actually save the persistent rule in about half the cases. I haven’t looked into it much, but it seems to happen more on systems where systemd iptables-firewall is present. (Not trying to start a flame war)

        • DasFaultier@sh.itjust.works
          4 days ago

          Sorry for being unclear, that’s what I meant. Set rules using the Ansible module, make them persistent by notifying a handler that makes a cmd call.
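
The approach described in the replies above (rules set with the Ansible iptables module, persisted by a notified handler that runs iptables-save), as an added example that is not part of the original thread. It assumes Debian/Ubuntu hosts where the iptables-persistent package restores /etc/iptables/rules.v4 at boot, SSH on tcp/22, and a hypothetical inventory group named `firewalled`.

```yaml
---
# Added example (not from the thread). Assumptions: Debian/Ubuntu hosts,
# SSH on tcp/22, hypothetical inventory group "firewalled".
- name: Manage iptables rules and persist them across reboots
  hosts: firewalled
  become: true

  tasks:
    - name: Install the boot-time restore service (reads /etc/iptables/rules.v4)
      ansible.builtin.apt:
        name: iptables-persistent
        state: present

    - name: Allow loopback traffic
      ansible.builtin.iptables:
        chain: INPUT
        in_interface: lo
        jump: ACCEPT
      notify: Save iptables rules

    - name: Allow established and related connections
      ansible.builtin.iptables:
        chain: INPUT
        ctstate: [ESTABLISHED, RELATED]
        jump: ACCEPT
      notify: Save iptables rules

    # Accept SSH before the default policy is tightened, so the play
    # does not cut off its own connection.
    - name: Allow new SSH connections
      ansible.builtin.iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "22"
        ctstate: [NEW]
        jump: ACCEPT
        comment: managed by ansible - ssh
      notify: Save iptables rules

    - name: Drop all other inbound traffic by default
      ansible.builtin.iptables:
        chain: INPUT
        policy: DROP
      notify: Save iptables rules

  handlers:
    # Runs once at the end of the play, only if a task above reported "changed".
    - name: Save iptables rules
      ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4
```

With the rules file restored at boot, the playbook only needs to run when the rules change, not on every reboot. iptables-save dumps the whole live ruleset, so rules that other services inserted at runtime are written to the file whenever the handler fires.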