I am currently looking into ansibles to store my configurations and deploy services more easily.
I have couple of iptable rules in /etc/iptables/rules.v4, which I can easily restore. Meanwhile, ansible has iptable role for configurations - hence, I am confused on what approach to take.
How do I persist this rules, especially across reboots? Should I rerun ansible every time on each reboot? I am at loss on how to best manage iptables, as other services can interact with it. How do you folks handle this? Thanks in advance!
Yeah,
ansible.builtin.iptablesmakes the changes and the task then notifies a handler to invokeiptables-save.There’s a bunch of posts about the iptables-save function of the built-in iptables module not working in many cases, so I figured it was a safer bet to suggest the playbook include an actual command invocation.
In my personal experience, the module doesnt actually save the persistent rule in about half the cases. I haven’t looked into it much, but it seems happen more on systems where systemd iptables-firewall is present. (Not trying to start a flame war)
Sorry for being unclear, that’s what I meant. Set rules using the Ansible module, make them persistent by notifying a handler that makes a cmd call.