From 7b1970932fe53f85a60de515d7200a34337db2f4 Mon Sep 17 00:00:00 2001
From: Mohit Saini
Date: Wed, 22 Oct 2025 21:02:57 +0530
Subject: [PATCH] iptables-configration
---
tasks/amazon_linux.yam | 3 +++
tasks/configure_iptables.yaml | 9 +++++++++
2 files changed, 12 insertions(+)
create mode 100644 tasks/amazon_linux.yam
create mode 100644 tasks/configure_iptables.yaml
diff --git a/tasks/amazon_linux.yam b/tasks/amazon_linux.yam
new file mode 100644
index 0000000..3e41e2f
--- /dev/null
+++ b/tasks/amazon_linux.yam
@@ -0,0 +1,3 @@
+---
+- name: Amazon Linux 2 | iptables_configure
+ include_tasks: configure_iptables.yaml
diff --git a/tasks/configure_iptables.yaml b/tasks/configure_iptables.yaml
new file mode 100644
index 0000000..0c0bc18
--- /dev/null
+++ b/tasks/configure_iptables.yaml
@@ -0,0 +1,9 @@
+ - name: Allow OUTPUT on loopback interface
+ ansible.builtin.command: iptables -A OUTPUT -o lo -j ACCEPT
+ args:
+ warn: false
+
+ - name: Drop traffic from 127.0.0.0/8 (anti-spoofing)
+ ansible.builtin.command: iptables -A INPUT -s 127.0.0.0/8 -j DROP
+ args:
+ warn: false
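Review bot: The new file is created as `tasks/amazon_linux.yam`, which looks like a truncated `.yaml` extension. Any include that refers to `amazon_linux.yaml` or `amazon_linux.yml` will not find it, so the file should be renamed to `tasks/amazon_linux.yaml` to match `configure_iptables.yaml`. The task name says Amazon Linux 2, but the `include_tasks` line carries no condition; if the caller does not already gate on the distribution, add `when: ansible_facts['distribution'] == 'Amazon'` to the include.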
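Review bot: In the `tasks/configure_iptables.yaml` hunk, the `iptables -A INPUT -s 127.0.0.0/8 -j DROP` task has no preceding accept for packets arriving on `lo`, so unless such a rule already sits ahead of it in the chain, legitimate loopback traffic is dropped together with spoofed packets. Both tasks also run `iptables -A` through `ansible.builtin.command`, which appends a duplicate rule on every play run and always reports changed. The `warn` argument is no longer accepted by recent ansible-core releases, so the tasks may fail outright there. I would add an INPUT accept on `lo` before the drop and express all three rules with `ansible.builtin.iptables`, which only adds a rule when it is missing. The hunk neither saves the rules across reboot nor adds an IPv6 counterpart; that may be handled elsewhere in the role.

```yaml
- name: Allow INPUT on loopback interface
  ansible.builtin.iptables:
    chain: INPUT
    in_interface: lo
    jump: ACCEPT

- name: Allow OUTPUT on loopback interface
  ansible.builtin.iptables:
    chain: OUTPUT
    out_interface: lo
    jump: ACCEPT

- name: Drop traffic from 127.0.0.0/8 (anti-spoofing)
  ansible.builtin.iptables:
    chain: INPUT
    source: '127.0.0.0/8'
    jump: DROP
```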