tripleo-ipsec/tasks/firewall.yml

---
- name: Open INPUT for UDP port 500 for the Internet Key Exchange (IKE) protocol
  iptables:
    action: insert
    chain: INPUT
    protocol: udp
    jump: ACCEPT
    source_port: 500
    destination_port: 500
  notify:
  - Save iptables rules
  - Restore iptables rules

- name: Open OUTPUT for UDP port 500 for the Internet Key Exchange (IKE) protocol
  iptables:
    action: insert
    chain: OUTPUT
    protocol: udp
    jump: ACCEPT
    source_port: 500
    destination_port: 500
  notify:
  - Save iptables rules
  - Restore iptables rules

- name: Open INPUT for UDP port 4500 for IKE NAT-Traversal
  iptables:
    action: insert
    chain: INPUT
    protocol: udp
    jump: ACCEPT
    source_port: 4500
    destination_port: 4500
  notify:
  - Save iptables rules
  - Restore iptables rules

- name: Open OUTPUT for UDP port 4500 for IKE NAT-Traversal
  iptables:
    action: insert
    chain: OUTPUT
    protocol: udp
    jump: ACCEPT
    source_port: 4500
    destination_port: 4500
  notify:
  - Save iptables rules
  - Restore iptables rules

- name: Open INPUT for Protocol 50 - Encapsulated Security Payload (ESP) IPsec packets
  iptables:
    action: insert
    chain: INPUT
    protocol: esp
    jump: ACCEPT
  notify:
  - Save iptables rules
  - Restore iptables rules

- name: Open OUTPUT for Protocol 50 - Encapsulated Security Payload (ESP) IPsec packets
  iptables:
    action: insert
    chain: OUTPUT
    protocol: esp
    jump: ACCEPT
  notify:
  - Save iptables rules
  - Restore iptables rules

- name: Open INPUT for Protocol 51 - Authentication Header (AH) traffic
  iptables:
    action: insert
    chain: INPUT
    protocol: ah
    jump: ACCEPT
  notify:
  - Save iptables rules
  - Restore iptables rules

- name: Open OUTPUT for Protocol 51 - Authentication Header (AH) traffic
  iptables:
    action: insert
    chain: OUTPUT
    protocol: ah
    jump: ACCEPT
  notify:
  - Save iptables rules
  - Restore iptables rules