myserver-configuration/roles/iptables/tasks/block_basic_ddos.yml

---

- name: Accept FORWARD with tcp limit 1/second and syn
  ansible.builtin.iptables:
    chain: FORWARD
    protocol: tcp
    syn: match
    limit: 1/second
    jump: ACCEPT
    comment: Accept FORWARD with tcp limit 1/second and syn
    state: present
  become: yes

- name: Accept FORWARD with udp limit 1/second
  ansible.builtin.iptables:
    chain: FORWARD
    protocol: udp
    limit: 1/second
    jump: ACCEPT
    comment: Accept FORWARD with udp limit 1/second
    state: present
  become: yes

- name: Accept FORWARD with icmp limit 1/second
  ansible.builtin.iptables:
    chain: FORWARD
    protocol: icmp
    icmp_type: echo-request
    limit: 1/second
    jump: ACCEPT
    comment: Accept FORWARD with icmp limit 1/second
    state: present
  become: yes