---
# Reconfigures the ISP-supplied Ubiquiti ONT ("Bozos WiFi") so that port
# forwarding rules can be added to its firewall.
#
# NOTE(review): the marker file /tmp/bozos.own3d that the first task checks
# for is never created anywhere in this play, so every `when` guard below is
# expected to evaluate true on every run; the `iptables -D ... && ...` commands
# would then fail on a second run once the rule they delete is already gone.
- hosts: all
  gather_facts: true
  become: true

  tasks:
    # Marker check: the guards below only skip work if this path exists.
    - name: Check if the procedure has already been done before
      stat:
        path: /tmp/bozos.own3d
      register: stat_result

    # Stops the wifiman process; per the task name this is to keep the device
    # out of UISP contact while the rest of the play runs.
    - name: Kill wifiman process to prevent UISP contact (until this procedure runs again)
      ansible.builtin.shell: killall wifiman
      when: not stat_result.stat.exists

    # Security note: this replaces the WAN-side (veip0.1) FORWARD DROP with an
    # unconditional ACCEPT, which is far broader than any single port forward
    # needs -- scoping it to the forwarded ports or to established connections
    # would keep the rest of the LAN closed to forwarded traffic.
    - name: Tell iptables to not drop any forward route packets, rather accept them
      ansible.builtin.shell: iptables -D FORWARD -i veip0.1 -j DROP && iptables -A FORWARD -i veip0.1 -j ACCEPT
      when: not stat_result.stat.exists

    # Removes the PORT_FW return and the jump into it from FORWARD.
    - name: Run more iptable rule cleanup
      ansible.builtin.shell: iptables -D PORT_FW -j RETURN && iptables -D FORWARD -i veip0.1 -j PORT_FW
      when: not stat_result.stat.exists

    # Per-rule section: each CSV row is expected to carry a local and a remote port.
    # NOTE(review): `delegate` is not an Ansible task keyword (the keyword that
    # runs a task on another host is `delegate_to`), so play parsing is expected
    # to reject this task as written. `fieldnames` is given as one
    # comma-separated string -- confirm the module splits it into a list and
    # whether the space after the comma survives in the second field name.
    - name: Load Port Forwarding Table CSV
      read_csv:
        path: bozos_forwards.csv
        fieldnames: localport, remoteport
        delimiter: ","
      register: csv_output
      delegate: localhost

    # NOTE(review): this task only prints; nothing here applies a NAT rule.
    # `loop` is handed a single templated string rather than a list (the
    # commented-out `csv_output.list` form is the list), and `rule` is never
    # declared as the loop variable, so the template is expected to fail.
    - name: Add port forwarding rules for each CSV entry
      debug:
        msg: "{{ rule }}"
      # loop: "{{ csv_output.list }}"
      loop: "iptables -t nat -A PREROUTING -p tcp -i veip0.1 --dport {{ rule.remoteport }} -j DNAT --to-destination 192.168.9.11:{{ rule.localport }}"
      loop_control:
        extended: true
        label: "{{ ansible_loop.index0 }}"