Robert Kaussow
5fdc77d788
|
||
|---|---|---|
| .woodpecker | ||
| defaults | ||
| handlers | ||
| meta | ||
| molecule | ||
| tasks | ||
| templates/etc/firewalld | ||
| vars | ||
| .gitignore | ||
| .later.yml | ||
| .markdownlint.yml | ||
| .prettierignore | ||
| LICENSE | ||
| README.md | ||
| pyproject.toml | ||
README.md
xoxys.firewalld
Setup and configure host firewall with firewalld.
Table of content
Requirements
- Minimum Ansible version:
2.10
Default Variables
firewalld_allow_zone_drifting
Default value
firewalld_allow_zone_drifting: false
firewalld_default_zone
Default value
firewalld_default_zone: public
firewalld_enabled
Default value
firewalld_enabled: true
firewalld_ipsets
A firewalld ipset configuration provides the information of an ip set for firewalld.
Default value
firewalld_ipsets: []
Example usage
firewalld_ipsets:
- name: appserver
type: "hash:net"
short: "App Servers"
description: "Allow http access from all appservers"
option: {}
entry:
- 192.168.2.1
- 192.168.2.2
firewalld_ipsets_extra
Default value
firewalld_ipsets_extra: []
firewalld_services
A firewalld service can be a list of local ports and destinations and additionally also a list of firewall helper modules automatically loaded if a service is enabled.
Default value
firewalld_services: []
Example usage
- name: ""
short: ""
description: ""
port: []
protocol: []
source_port: []
module: []
destination: {}
firewalld_services_extra
Default value
firewalld_services_extra: []
firewalld_zones
Default value
firewalld_zones:
- name: public
short: Public
description: >-
For use in public areas. You do not trust the other computers on networks
to not harm your computer. Only selected incoming connections are accepted.
service:
- name: ssh
- name: dhcpv6-client
- name: cockpit
Example usage
firewalld_zones:
- name: ""
short: ""
description: ""
target: ""
interface:
- name: ""
source:
- address: ""
- mac: ""
- ipset: ""
service:
- name: ""
port:
- { port: "", protocol: "" }
protocol:
- value:
icmp-block:
- name:
icmp-block-inversion: true
masquerade: true
forward: true
forward-port:
- { port: "", protocol: "" }
source-port:
- { port: "", protocol: "" }
rule:
- source: { address: "", mac: "", ipset: ""}
destination: { address: "", mac: "", ipset: ""}
service: {name: ""}
port: {port: "", protocol: ""}
protocol: {value: ""}
icmp-block:
name: ""
icmp-type:
name: ""
masquerade: true
forward-port:
port: ""
protocol: ""
to-port: ""
to-addr: ""
source-port:
port: ""
protocol: ""
log:
prefix: ""
level: ""
limit: ""
audit:
limit: ""
accept:
limit: ""
reject:
rejecttype: ""
limit: ""
drop:
limit: ""
mark:
set:
limit: ""
end
firewalld_zones_extra
Default value
firewalld_zones_extra: []
firewalld_zones_unmanaged
Default value
firewalld_zones_unmanaged: []
Dependencies
None.
License
MIT