From 68886a94101999382a87855ee43ed299e58d04ac Mon Sep 17 00:00:00 2001
From: chris <cg@zknt.org>
Date: Sat, 4 Jan 2020 14:48:10 +0100
Subject: [PATCH] require rpcbind

---
 roles/gluster/tasks/main.yaml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/roles/gluster/tasks/main.yaml b/roles/gluster/tasks/main.yaml
index 9158261..f77a2e8 100644
--- a/roles/gluster/tasks/main.yaml
+++ b/roles/gluster/tasks/main.yaml
@@ -1,4 +1,19 @@
 ---
+- name: install rpcbind
+  apt:
+    name: rpcbind
+- name: disable rpcbind from the internet
+  iptables:
+    action: insert
+    chain: INPUT
+    comment: drop portmapper
+    in_interface: "!nodevpn"
+    jump: DROP
+    protocol: "{{item}}"
+    destination_port: "111"
+  with_items:
+    - tcp
+    - udp
 - name: install gluster package
   apt:
     name: glusterfs-server
@@ -15,7 +30,7 @@
   mount:
     path: /mnt/gluster
     src: /dev/sdb
-    options: noatime
+    opts: noatime
     fstype: ext4
     state: mounted
 - name: gluster peers