epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-15 06:14:22 +03:00
Code Issues Packages Projects Releases Wiki Activity

reset: set v4/v6 default policies to ACCEPT and drop user chains (#12552)

Browse Source
This commit is contained in:
Sassan torabkheslat
2025-09-25 05:14:15 +02:00
committed by GitHub
parent 67632844cd
commit 51a1f08624
1 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
roles/reset/tasks/main.yml
View File

@@ -188,6 +188,18 @@
tags: tags:
- mounts - mounts
- name: Set IPv4 iptables default policies to ACCEPT
iptables:
chain: "{{ item }}"
policy: ACCEPT
with_items:
- INPUT
- FORWARD
- OUTPUT
when: flush_iptables | bool and ipv4_stack
tags:
- iptables
- name: Flush iptables - name: Flush iptables
iptables: iptables:
table: "{{ item }}" table: "{{ item }}"
@@ -201,6 +213,25 @@
tags: tags:
- iptables - iptables
- name: Delete IPv4 user-defined chains # noqa command-instead-of-module
command: iptables -X
when: flush_iptables | bool and ipv4_stack
tags:
- iptables
- name: Set IPv6 ip6tables default policies to ACCEPT
iptables:
chain: "{{ item }}"
policy: ACCEPT
ip_version: ipv6
with_items:
- INPUT
- FORWARD
- OUTPUT
when: flush_iptables | bool and ipv6_stack
tags:
- ip6tables
- name: Flush ip6tables - name: Flush ip6tables
iptables: iptables:
table: "{{ item }}" table: "{{ item }}"
@@ -215,6 +246,12 @@
tags: tags:
- ip6tables - ip6tables
- name: Delete IPv6 user-defined chains # noqa command-instead-of-module
command: ip6tables -X
when: flush_iptables | bool and ipv6_stack
tags:
- ip6tables
- name: Clear IPVS virtual server table - name: Clear IPVS virtual server table
command: "ipvsadm -C" command: "ipvsadm -C"
ignore_errors: true # noqa ignore-errors ignore_errors: true # noqa ignore-errors