myserver-configuration/roles/iptables/tasks/block_basic_ddos.yml

---

- name: Accept FORWARD with tcp limit 1/second and syn
  ansible.builtin.iptables:
    chain: FORWARD
    protocol: tcp
    syn: match
    limit: 1/second
    jump: ACCEPT
    comment: Accept FORWARD with tcp limit 1/second and syn
    state: present
  become: yes

- name: Accept FORWARD with udp limit 1/second
  ansible.builtin.iptables:
    chain: FORWARD
    protocol: udp
    limit: 1/second
    jump: ACCEPT
    comment: Accept FORWARD with udp limit 1/second
    state: present
  become: yes

- name: Accept FORWARD with icmp limit 1/second
  ansible.builtin.iptables:
    chain: FORWARD
    protocol: icmp
    icmp_type: echo-request
    limit: 1/second
    jump: ACCEPT
    comment: Accept FORWARD with icmp limit 1/second
    state: present
  become: yes
[IPTABLES] Add rules (Not tested) 2023-05-20 23:54:16 +02:00			`---`

			`- name: Accept FORWARD with tcp limit 1/second and syn`
			`ansible.builtin.iptables:`
			`chain: FORWARD`
			`protocol: tcp`
			`syn: match`
			`limit: 1/second`
			`jump: ACCEPT`
			`comment: Accept FORWARD with tcp limit 1/second and syn`
			`state: present`
			`become: yes`

			`- name: Accept FORWARD with udp limit 1/second`
			`ansible.builtin.iptables:`
			`chain: FORWARD`
			`protocol: udp`
			`limit: 1/second`
			`jump: ACCEPT`
			`comment: Accept FORWARD with udp limit 1/second`
			`state: present`
			`become: yes`

			`- name: Accept FORWARD with icmp limit 1/second`
			`ansible.builtin.iptables:`
			`chain: FORWARD`
			`protocol: icmp`
			`icmp_type: echo-request`
			`limit: 1/second`
			`jump: ACCEPT`
			`comment: Accept FORWARD with icmp limit 1/second`
			`state: present`
			`become: yes`