myserver-configuration/roles/iptables/tasks/block_port_scan.yml

---

- name: Accept FORWARD with tcp limit 1/second and tcp_flags
  ansible.builtin.iptables:
    chain: FORWARD
    protocol: tcp
    tcp_flags:
      flags:
        - SYN
        - ACK
        - FIN
        - RST
      flags_set:
        - RST
    limit: 1/second
    jump: ACCEPT
    comment: Accept FORWARD with tcp limit 1/second and tcp_flags
    state: present
  become: yes
[IPTABLES] Add rules (Not tested) 2023-05-20 23:54:16 +02:00			`---`

			`- name: Accept FORWARD with tcp limit 1/second and tcp_flags`
			`ansible.builtin.iptables:`
			`chain: FORWARD`
			`protocol: tcp`
			`tcp_flags:`
			`flags:`
			`- SYN`
			`- ACK`
			`- FIN`
			`- RST`
			`flags_set:`
			`- RST`
			`limit: 1/second`
			`jump: ACCEPT`
			`comment: Accept FORWARD with tcp limit 1/second and tcp_flags`
			`state: present`
			`become: yes`