3903ca92e9
This is useful if forwarded packets need to exit on a different interface depending on the source or destination IP address or port. Change-Id: Ifbfbade4baaa1901b08549e52acc725e45379a16
25 lines
910 B
YAML
25 lines
910 B
YAML
---
|
|
- name: Ensure iptables is installed
|
|
package:
|
|
name: iptables
|
|
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
|
|
update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
|
|
become: true
|
|
|
|
# iptables -t nat -A POSTROUTING -o {{ interface }} -j SNAT --to-source {{ source_ip }}
|
|
- name: Ensure SNAT iptables rules exist
|
|
iptables:
|
|
action: append
|
|
table: nat
|
|
chain: POSTROUTING
|
|
out_interface: "{{ item.interface }}"
|
|
jump: SNAT
|
|
to_source: "{{ item.source_ip }}"
|
|
destination: "{{ item.destination | default(omit) }}"
|
|
destination_port: "{{ item.destination_port | default(omit) }}"
|
|
destination_ports: "{{ item.destination_ports | default(omit) }}"
|
|
source: "{{ item.source | default(omit) }}"
|
|
source_port: "{{ item.source_port | default(omit) }}"
|
|
with_items: "{{ snat_rules }}"
|
|
become: True
|