Proper uninstall for DDoS logging

Fixes #74
noobient · Mar 4, 2023 · 9216cfc · 9216cfc
1 parent e2638bf
commit 9216cfc
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 12 deletions.
diff --git a/roles/install/handlers/main.yml b/roles/install/handlers/main.yml
@@ -4,10 +4,6 @@
     daemon_reload: true
   when: servicecheck.systemd
 
-- name: Reload firewalld configuration
-  command:
-    cmd: firewall-cmd --reload
-
 - name: Reload rsyslog configuration
   systemd:
     name: rsyslog.service

diff --git a/roles/install/tasks/firewalld.yml b/roles/install/tasks/firewalld.yml
@@ -30,14 +30,6 @@
     backup: true
   notify: Reload journald configuration
 
-# This will be enabled on-demand via klf
-#- name: Log packets denied by firewalld
-#  lineinfile:
-#    path: /etc/firewalld/firewalld.conf
-#    regexp: '^LogDenied='
-#    line: LogDenied=all
-#  notify: Reload firewalld configuration
-
 - include_role:
     name: bviktor.firewalld
   vars:

diff --git a/roles/uninstall/handlers/main.yml b/roles/uninstall/handlers/main.yml
@@ -3,3 +3,8 @@
   systemd:
     daemon_reload: true
   when: servicecheck.systemd
+
+- name: Reload rsyslog configuration
+  systemd:
+    name: rsyslog.service
+    state: restarted
diff --git a/roles/uninstall/tasks/firewalld.yml b/roles/uninstall/tasks/firewalld.yml
@@ -4,3 +4,14 @@
   vars:
     service: 'kf2'
     enabled: false
+
+- name: Remove firewalld log redirect
+  file:
+    path: /etc/rsyslog.d/firewalld-denied.conf
+    state: absent
+  notify: Reload rsyslog configuration
+
+- name: Remove firewalld log rotation
+  file:
+    path: /etc/logrotate.d/firewalld-denied
+    state: absent