I'm writing a pretty simple ansible playbook for setting up our iptables firewall in CentOS. Here is the playbook I wrote:
---
- hosts: test
  remote_user: deploy
  sudo: True            # pre-1.9 syntax; current Ansible spells this "become: true"
  tasks:
    - name: Get iptables rules
      shell: /sbin/iptables -L
      register: iptablesrules
      always_run: yes   # run even in --check mode so the "when" tests below have data
    - name: Add nginx iptables rule
      command: /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT -m comment --comment "Nginx_HTTP"
      when: iptablesrules.stdout.find("Nginx_HTTP") == -1
    - name: Add nginx ssl iptables rule
      command: /sbin/iptables -I INPUT -p tcp --dport 443 -j ACCEPT -m comment --comment "Nginx_SSL"
      when: iptablesrules.stdout.find("Nginx_SSL") == -1
    - name: Add postgres rule on ham0 interface
      command: /sbin/iptables -I INPUT -p tcp -s 0/0 --sport 1024:65535 -d 0.0.0.0/0 --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT -m comment --comment "Postgres"
      when: iptablesrules.stdout.find("Postgres") == -1
    - name: save iptables
      command: service iptables save
    - name: ensure iptables is set to start at boot
      action: command /sbin/chkconfig iptables on
Everything works as expected although I'm sure it can be better. But my question is regarding the Postgres rule. I want to dynamically replace the destination address of 0.0.0.0/0 with the IP of a specific interface (ham0) on the target box. I'm assuming I can do something like ansible_ham0.ipv4.address to get the IP address. But I'm not sure how to pass that into the Postgres rule as a variable.
I'm reading the documentation and having a bit of a hard time with it. I'll keep researching but in the interim if anyone has an idea of how to do this, I'd really appreciate the help.
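As an added illustration (not the poster's playbook), here is how the Postgres task can pull the ham0 address out of the gathered facts and refuse to fall back to 0.0.0.0/0 when that fact is missing. It uses current Ansible spelling (become, check_mode) in place of the older sudo/always_run keys, and additionally pins the rule to the ham0 interface with -i; the variable name pg_iface is an assumption.

```yaml
---
- hosts: test
  remote_user: deploy
  become: true
  vars:
    pg_iface: ham0        # assumed variable: interface the Postgres rule is bound to
  tasks:
    - name: Get iptables rules
      command: /sbin/iptables -L -n   # -n avoids DNS lookups on every rule
      register: iptablesrules
      changed_when: false
      check_mode: false               # current spelling of the page's always_run: yes

    - name: Refuse to continue if the interface has no IPv4 address fact
      assert:
        that:
          - ansible_facts[pg_iface].ipv4.address is defined
        fail_msg: "{{ pg_iface }} has no IPv4 address; not adding a wide-open 5432 rule"

    # ansible_ham0.ipv4.address is the same fact as ansible_facts['ham0'].ipv4.address;
    # the dictionary form lets the interface name come from a variable.
    - name: Add postgres rule restricted to the {{ pg_iface }} address
      command: >
        /sbin/iptables -I INPUT -p tcp
        -i {{ pg_iface }}
        -d {{ ansible_facts[pg_iface].ipv4.address }}/32
        --dport 5432
        -m state --state NEW,ESTABLISHED
        -j ACCEPT
        -m comment --comment "Postgres"
      when: iptablesrules.stdout.find("Postgres") == -1

    - name: save iptables
      command: service iptables save
```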
Sorry for the quick Q&A, but I figured this out with a little tinkering.
Here is my updated playbook. Hopefully it helps someone else!