vpn

2026-02-09 20:42:24 +03:00
parent 0a8f11397d
commit a6d2623802
38 changed files with 2198 additions and 1 deletions
--- a/roles/xray-vps-setup/tasks/iptables.yml
+++ b/roles/xray-vps-setup/tasks/iptables.yml
@@ -0,0 +1,46 @@
+- name: IPTables rules
+  block:
+    - name: Install netfilter-persistent
+      apt:
+        name: netfilter-persistent
+        state: present
+    - name: Allow related and established connections
+      ansible.builtin.iptables:
+        chain: INPUT
+        ctstate: ESTABLISHED,RELATED
+        jump: ACCEPT
+      become: yes
+    - name: Allow new incoming SYN packets on specified port
+      ansible.builtin.iptables:
+        chain: INPUT
+        protocol: tcp
+        destination_port: "{{ SSH_PORT }}"
+        ctstate: NEW
+        syn: match
+        jump: ACCEPT
+    - name: Allow ICMP 
+      ansible.builtin.iptables:
+        chain: INPUT
+        protocol: icmp
+        jump: ACCEPT
+    - name: Allow 80, 443 connections
+      ansible.builtin.iptables:
+        chain: INPUT
+        protocol: tcp
+        destination_ports:
+          - "80"
+          - "443"
+        jump: ACCEPT
+    - name: Allow loopback in
+      shell:
+        cmd: iptables -A INPUT -i lo -j ACCEPT
+    - name: Allow loopback out
+      shell:
+        cmd: iptables -A OUTPUT -o lo -j ACCEPT
+    - name: INPUT DROP
+      ansible.builtin.iptables:
+        chain: INPUT
+        policy: DROP
+    - name: Save iptables rules
+      shell:
+        cmd: netfilter-persistent save