commit 90663f9e657a2c82cf50541d55311d297f91daf3
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Jul 31 10:53:59 2019 +0200
Update template for iptables ifcfg
roles/base/templates/ifcfg.j2 | 11 ++++++++++-
roles/base/templates/iptables/iptables | 14 +++++---------
2 files changed, 15 insertions(+), 10 deletions(-)
---
diff --git a/roles/base/templates/ifcfg.j2 b/roles/base/templates/ifcfg.j2
index 11ba66c..d04dc31 100644
--- a/roles/base/templates/ifcfg.j2
+++ b/roles/base/templates/ifcfg.j2
@@ -1,12 +1,17 @@
NAME="{{item}}"
BOOTPROTO="none"
-{% if item == "eth0" %}
+NM_CONTROLLED=yes
+{% if item in ansible_ifcfg_infra_net_devices %}
GATEWAY="{{gw}}"
{% endif %}
HWADDR="{{ hostvars[inventory_hostname]['ansible_' +
item]['macaddress']|upper }}"
+{% if item in ansible_ifcfg_disabled %}
+ONBOOT="no"
+{% else %}
IPADDR="{{ hostvars[inventory_hostname][item + '_ip'] }}"
NETMASK="{{ hostvars[inventory_hostname][item + '_nm'] }}"
ONBOOT="yes"
+{% endif %}
TYPE="Ethernet"
DEVICE="{{item}}"
{% for line in if_uuid.stdout_lines %}
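Review bot: `ansible_ifcfg_infra_net_devices` and `ansible_ifcfg_disabled` are tested with `in` and no guard, so the template will fail to render on any host where either variable is unset (unless the role defines defaults elsewhere, which this hunk does not show). Consider `{% if item in ansible_ifcfg_disabled | default([]) %}` and the same for the infra list, or declare both as empty lists in the role defaults with a comment on what they control. Also, the GATEWAY block sits before the disabled check, so an interface in both lists gets `GATEWAY=` and `ONBOOT="no"` with no IPADDR/NETMASK; nesting the gateway test inside the `else` branch would avoid that.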
@@ -23,3 +28,7 @@ IPV6_DEFAULTDEV={{item}}
IPV6_DEFAULTGW={{ hostvars[inventory_hostname][item + '_ipv6_gw'] }}
IPV6_MTU=1280
{% endif %}
+{% if hostvars[inventory_hostname][item + '_secondary_ip'] is defined %}
+IPADDR1="{{ hostvars[inventory_hostname][item + '_secondary_ip'] }}"
+PREFIX1=24
+{% endif %}
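Review bot: `PREFIX1=24` is hard-coded, so every secondary address is configured as a /24 whatever network it belongs to, while the primary address takes its mask from `item + '_nm'`. A wrong prefix changes which peers the host treats as on-link, and that is hard to notice after deployment. I would read it from the inventory with a fallback, for example a new variable `PREFIX1={{ hostvars[inventory_hostname][item + '_secondary_prefix'] | default(24) }}`. A one-line template comment should name the hostvars keys this block expects.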
diff --git a/roles/base/templates/iptables/iptables
b/roles/base/templates/iptables/iptables
index e567479..3e578b8 100644
--- a/roles/base/templates/iptables/iptables
+++ b/roles/base/templates/iptables/iptables
@@ -50,19 +50,15 @@
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
-# nat table
+{% if nat_rules %}
*nat
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
+:PREROUTING ACCEPT [0:]
+:INPUT ACCEPT [0:]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-# custom_nat_rules
-{% if custom_nat_rules is defined %}
-{% for rule in custom_nat_rules %}
+{% for rule in nat_rules %}
{{ rule }}
{% endfor %}
-{% endif %}
-
COMMIT
-
+{% endif %}
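Review bot: The counters on the new `:PREROUTING ACCEPT [0:]` and `:INPUT ACCEPT [0:]` lines look like a typo for `[0:0]`, which the unchanged OUTPUT and POSTROUTING lines still use. A malformed `[packets:bytes]` field may be rejected when the file is loaded with counter restore enabled, and a failed restore of this file would leave the host without its intended ruleset, so both should go back to `[0:0]`. Separately, `{% if nat_rules %}` drops the old `is defined` guard and renames the variable, so a host without `nat_rules` fails to render (unless a default exists outside this hunk). An inventory that still sets `custom_nat_rules` would lose its NAT rules without any error. `{% if nat_rules | default([]) %}` plus a note about the rename would cover both cases.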