reset: set v4/v6 default policies to ACCEPT and drop user chains (#12552)

2025-12-14 13:54:37 +03:00 · 2025-09-25 05:14:15 +02:00
parent 67632844cd
commit 51a1f08624
1 changed files with 37 additions and 0 deletions
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -188,6 +188,18 @@
  tags:
    - mounts

+- name: Set IPv4 iptables default policies to ACCEPT
+  iptables:
+    chain: "{{ item }}"
+    policy: ACCEPT
+  with_items:
+    - INPUT
+    - FORWARD
+    - OUTPUT
+  when: flush_iptables | bool and ipv4_stack
+  tags:
+    - iptables
+
 - name: Flush iptables
  iptables:
    table: "{{ item }}"
@@ -201,6 +213,25 @@
  tags:
    - iptables

+- name: Delete IPv4 user-defined chains # noqa command-instead-of-module
+  command: iptables -X
+  when: flush_iptables | bool and ipv4_stack
+  tags:
+    - iptables
+
+- name: Set IPv6 ip6tables default policies to ACCEPT
+  iptables:
+    chain: "{{ item }}"
+    policy: ACCEPT
+    ip_version: ipv6
+  with_items:
+    - INPUT
+    - FORWARD
+    - OUTPUT
+  when: flush_iptables | bool and ipv6_stack
+  tags:
+    - ip6tables
+
 - name: Flush ip6tables
  iptables:
    table: "{{ item }}"
@@ -215,6 +246,12 @@
  tags:
    - ip6tables

+- name: Delete IPv6 user-defined chains # noqa command-instead-of-module
+  command: ip6tables -X
+  when: flush_iptables | bool and ipv6_stack
+  tags:
+    - ip6tables
+
 - name: Clear IPVS virtual server table
  command: "ipvsadm -C"
  ignore_errors: true  # noqa ignore-errors