Hello,
I’m trying to restart iptables on both localhost and a remote host.
Iptables is actually restarted on both, but Ansible doesn’t seem to pick up the restart on the remote host.
Ansible output:
TASK [Allow Apache to change agent configuration] ***************************************************
ok: [localhost]
ok: [10.0.3.5]
TASK [Restart Iptables/docker] **********************************************************************
changed: [localhost] => (item=iptables)
---- it just keeps waiting here for what seems to be forever.
iptables config:
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# NAT outgoing packets
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9001 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4444 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4567 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4568 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4569 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4646 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4647 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4648 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 4648 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8300 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8301 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 8301 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8500 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8888 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7000 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7001 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7199 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9042 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9160 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 47500 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 47100 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 31100 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 11211 -j ACCEPT
-A INPUT -i docker0 -j ACCEPT
-A INPUT -j LOG --log-prefix "INPUT:DROP:" --log-level info
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 -j ACCEPT
-A FORWARD -j LOG --log-prefix "FORWARD:DROP:" --log-level info
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT