network/roles/firewall/tasks/conntrackd.yml


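---
# Tasks that install and configure conntrackd on a firewall host.
# The "restart conntrackd" handler notified below is not defined in this
# file; it must exist in the role's handlers.

- name: Install conntrack-tools
  package:
    name: conntrack-tools

# Register nf_conntrack for autoloading so the module is present before
# the sysctl values below are applied.
# NOTE(review): this only writes the modules-load.d entry; no task in this
# file loads the module on the running system - confirm that is handled
# elsewhere or by a reboot.
- name: Autoload nf_conntrack
  lineinfile:
    dest: /etc/modules-load.d/netfilter.conf
    line: nf_conntrack
    create: true
    # Explicit mode so a newly created file does not depend on the umask.
    mode: "0644"

# Set required sysctl values.
# NOTE(review): the drop-in is only copied; nothing here reloads sysctl, so
# the values presumably take effect on the next boot - confirm.
- name: Set sysctl values for conntrackd
  copy:
    dest: /etc/sysctl.d/
    src: conntrackd.conf
    # Explicit mode so the installed file does not depend on the umask.
    mode: "0644"

- name: Set up conntrackd
  template:
    dest: /etc/conntrackd/conntrackd.conf
    src: conntrackd.conf.j2
    # Quoted so the value stays an octal mode string instead of being
    # parsed as a YAML integer.
    mode: "0644"
  notify: restart conntrackd

# Replace any existing vrf= line so the service is pinned to the default VRF.
- name: Run conntrackd in default VRF
  lineinfile:
    dest: /etc/conf.d/conntrackd
    line: 'vrf="default"'
    regexp: '^vrf='
  notify: restart conntrackd

- name: Enable conntrackd
  service:
    name: conntrackd
    enabled: true
    state: started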