Hi
Has anyone been able to make Ansible work with ip6tables (for IPv6 firewall)?
As per module documentation:
https://docs.ansible.com/ansible/2.5/modules/iptables_module.html
This is the same as the behaviour of the iptables and ip6tables command which this module uses internally.
But if I do:
- name: Allow traffic from loopback
  ip6tables:
    chain: INPUT
    in_interface: lo
    jump: ACCEPT
    comment: Allow traffic from loopback
The playbook throws an error:
ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.
The error appears to have been in 'firewall-ipv6.yml': line 6, column 9, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
Start of basic config for firewall to make system work
- name: Allow traffic from loopback
^ here
Thanks.
Anurag,
If this is your entire playbook, you are missing the ‘tasks:’ directive.
Hi
That was not the entire playbook. I just took the specific portion out.
Here’s entire playbook (which includes tasks for your reference):
Karl_Auer
(Karl Auer)
Double check your indentation.
There is no Ansible module called ip6tables, if you read the documentation you linked in your first post you'll see how to use ipv6.
Just re-read but still can’t make out what to use for IPv6.
Can you share a sample playbook? All examples linked on the module page are for IPv4.
Thanks.
Karl_Auer
(Karl Auer)
Use the same module - just provide IPv6 addresses, networks etc. Also, see the “ipversion” attribute in the module.
Google seems to index not the most recent version of the docs. Here’s the current version: https://docs.ansible.com/ansible/latest/modules/iptables_module.html
Here’s an example:
- iptables:
    chain: INPUT
    protocol: tcp
    destination_port: 8080
    jump: ACCEPT
    rule_num: 5
    ip_version: "ipv6"
kind regards
Pshem
Hi Pshem
The addition of ip_version: “ipv6” works perfectly.
Thanks for your help.
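
The fix from this thread, written out as a complete IPv6 baseline playbook. This is an added example, not a playbook posted by anyone in the thread; the `hosts: all` target, the SSH port and the choice of rules beyond the loopback one are assumptions.

```yaml
# firewall-ipv6.yml (added example; host group and SSH port are assumptions)
- name: Baseline IPv6 firewall using the iptables module
  hosts: all
  become: true
  tasks:
    # Same loopback rule as in the question, but with the real module name
    # (iptables) and ip_version selecting the ip6tables backend.
    - name: Allow traffic from loopback
      iptables:
        chain: INPUT
        in_interface: lo
        jump: ACCEPT
        ip_version: ipv6
        comment: Allow traffic from loopback

    - name: Allow established and related connections
      iptables:
        chain: INPUT
        ctstate: [ESTABLISHED, RELATED]
        jump: ACCEPT
        ip_version: ipv6

    # IPv6 neighbour discovery runs over ICMPv6, so it must be accepted
    # before the default policy is tightened.
    - name: Allow ICMPv6
      iptables:
        chain: INPUT
        protocol: ipv6-icmp
        jump: ACCEPT
        ip_version: ipv6

    - name: Allow SSH
      iptables:
        chain: INPUT
        protocol: tcp
        destination_port: "22"
        jump: ACCEPT
        ip_version: ipv6

    # Applied last so the accept rules above are already in place.
    - name: Drop all other inbound IPv6 traffic
      iptables:
        chain: INPUT
        policy: DROP
        ip_version: ipv6
```

`ip_version` defaults to `ipv4`, so any task that omits it changes only the IPv4 rule set and leaves the IPv6 one as it was.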