From edbc212af48064690d47679e04f9a9dc205e5e27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?=
Date: Tue, 14 May 2019 09:41:44 +0200
Subject: [PATCH] add saving of tinc iptables rules
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jakub SokoĊ‚owski
---
handlers/main.yml | 3 +++
tasks/firewall.yml | 6 ++++++
2 files changed, 9 insertions(+)
diff --git a/handlers/main.yml b/handlers/main.yml
index d57240c..3e1a4b8 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -4,3 +4,6 @@
 name: 'tinc@{{ tinc_network_name }}'
 state: restarted
 enabled: true
+
+- name: Save iptables rules
+ shell: iptables-save > /etc/iptables/rules.v4
diff --git a/tasks/firewall.yml b/tasks/firewall.yml
index 4706918..966e9cc 100644
--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@@ -7,6 +7,8 @@
 chain: INPUT
 jump: ACCEPT
 in_interface: tun0
+ notify:
+ - Save iptables rules
 - name: Enable VPN connections for Docker
 tags: ['role::tinc', 'role::tinc:firewall']
@@ -16,6 +18,8 @@
 comment: VPN connections
 in_interface: tun0
 jump: ACCEPT
+ notify:
+ - Save iptables rules
 - name: Enable various service ports
 tags: ['role::tinc', 'role::tinc:firewall']
@@ -29,3 +33,5 @@
 with_items:
 - { "port": 655, "cmt": "Tinc VPN TCP" }
 - { "port": 655, "cmt": "Tinc VPN UDP", "prot": "udp" }
+ notify:
+ - Save iptables rules
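Review bot: The `>` redirect in the new `Save iptables rules` handler truncates `/etc/iptables/rules.v4` before `iptables-save` has written anything, so a failed or interrupted save leaves an empty or partial rules file, which is presumably what gets restored at the next boot. Writing to a temporary file and renaming it avoids that: `shell: iptables-save > /etc/iptables/rules.v4.tmp && mv /etc/iptables/rules.v4.tmp /etc/iptables/rules.v4`. The handler also assumes `/etc/iptables/` already exists (normally provided by the iptables-persistent package), which nothing in this patch ensures. It also dumps the whole live ruleset, so on a Docker host the Docker-managed chains are probably persisted along with the tinc rules. A short comment above the handler stating both assumptions would help the next maintainer.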
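Review bot: The `notify: - Save iptables rules` added to the first iptables task in `tasks/firewall.yml` (and likewise in the two later hunks of this file) only fires when the task reports a change, and handlers run at the end of the play. If the play aborts after a rule has been inserted but before handlers run, the next run sees the rule as already present and reports no change. The rule is then never written to `rules.v4` and is lost on reboot. Adding `- meta: flush_handlers` right after the last firewall task, or running the save unconditionally at the end of this file, closes that gap. Each hunk shows only the tail of its task, so the module name and remaining arguments are outside the hunk.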