---
title: firewalld
type: docs
---

[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.firewalld) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.firewalld?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.firewalld) [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.firewalld/src/branch/main/LICENSE)

Set up and configure the host firewall with firewalld.

<!--more-->

- [Default Variables](#default-variables)
  - [firewalld_allow_zone_drifting](#firewalld_allow_zone_drifting)
  - [firewalld_default_zone](#firewalld_default_zone)
  - [firewalld_ipsets](#firewalld_ipsets)
  - [firewalld_services](#firewalld_services)
  - [firewalld_zones](#firewalld_zones)
- [Dependencies](#dependencies)

---

## Default Variables
### firewalld_allow_zone_drifting

Maps to firewalld's `AllowZoneDrifting` option. With drifting allowed, a packet can ingress more than one zone (for example be evaluated by a source-based zone and then by the zone bound to its ingress interface), which firewalld itself describes as a violation of zone-based firewalling; newer firewalld releases removed the option altogether. Keep this `false` unless a legacy rule set depends on the old catch-all behaviour.

#### Default value

```YAML
firewalld_allow_zone_drifting: false
```
### firewalld_default_zone

The zone that receives traffic from every interface or source not explicitly bound to another zone. `public` is firewalld's own default; because anything unbound lands here, keep the services and ports opened in this zone minimal.

#### Default value

```YAML
firewalld_default_zone: public
```
### firewalld_ipsets

An ipset definition gives firewalld a named set of addresses or networks, following firewalld.ipset(5). Zones and rich rules can then reference it by name as a `source` instead of repeating the addresses. `type` follows ipset(8) (for example `hash:ip` for single hosts, `hash:net` for networks), and `option` takes the `name: value` pairs firewalld allows for a set, such as `family: inet6` for an IPv6 set (sets are IPv4 unless told otherwise).

#### Default value

```YAML
firewalld_ipsets: []
```

#### Example usage

```YAML
firewalld_ipsets:
  - name: appserver
    type: "hash:net"
    short: "App Servers"
    description: "Allow http access from all appservers"
    option: {}
    entry:
      - 192.168.2.1
      - 192.168.2.2
```
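The following linter is an added example and not code from the xoxys.firewalld role. It takes a list in the `firewalld_ipsets` shape shown above (the sample data is constructed for the example), rejects entries that do not fit the set's `type` or address family, and renders the firewalld.ipset(5) XML that firewalld stores for a permanent set. How the role itself applies the variable is not described on this page and is not assumed here.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample input in the firewalld_ipsets shape documented above.
# The second set deliberately contains entries that do not fit its type or family.
FIREWALLD_IPSETS = [
    {
        "name": "appserver",
        "type": "hash:net",
        "short": "App Servers",
        "description": "Allow http access from all appservers",
        "option": {},
        "entry": ["192.168.2.1", "192.168.2.0/24"],
    },
    {
        "name": "monitoring",
        "type": "hash:ip",
        "option": {"family": "inet"},
        "entry": ["10.0.0.5", "10.0.0.0/24", "2001:db8::5"],
    },
]


def check_ipset(ipset):
    """Return the problems found in one ipset definition (empty list means OK).

    hash:ip entries must be single addresses, hash:net entries may carry a
    prefix length, and every entry must match the set's address family
    (firewalld sets are IPv4 unless option family=inet6 is given).
    """
    problems = []
    name = ipset.get("name") or "<unnamed>"
    if not ipset.get("name"):
        problems.append("ipset without a name")
    stype = ipset.get("type", "")
    family = (ipset.get("option") or {}).get("family", "inet")
    for raw in ipset.get("entry", []):
        try:
            if stype == "hash:ip":
                obj = ipaddress.ip_address(raw)
            elif stype == "hash:net":
                obj = ipaddress.ip_network(raw, strict=False)
            else:
                problems.append(f"{name}: type {stype!r} is not checked by this linter")
                break
        except ValueError:
            problems.append(f"{name}: {raw!r} is not a valid {stype} entry")
            continue
        wanted = "inet6" if obj.version == 6 else "inet"
        if wanted != family:
            problems.append(f"{name}: {raw!r} is {wanted} but the set family is {family}")
    return problems


def check_ipsets(ipsets):
    """Lint a whole firewalld_ipsets list, including duplicate set names."""
    problems = []
    seen = set()
    for ipset in ipsets:
        name = ipset.get("name")
        if name in seen:
            problems.append(f"{name}: defined more than once")
        seen.add(name)
        problems.extend(check_ipset(ipset))
    return problems


def render_ipset_xml(ipset):
    """Render the definition in the firewalld.ipset(5) XML layout."""
    root = ET.Element("ipset", type=ipset["type"])
    for tag in ("short", "description"):
        if ipset.get(tag):
            ET.SubElement(root, tag).text = ipset[tag]
    for key, value in (ipset.get("option") or {}).items():
        ET.SubElement(root, "option", name=key, value=str(value))
    for entry in ipset.get("entry", []):
        ET.SubElement(root, "entry").text = entry
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for problem in check_ipsets(FIREWALLD_IPSETS):
        print("PROBLEM:", problem)
    print(render_ipset_xml(FIREWALLD_IPSETS[0]))
```

Running it reports the `/24` entry in the `hash:ip` set and the IPv6 address in an `inet` set, two mistakes firewalld would otherwise surface only at reload time; the rendered XML for `appserver` matches what `firewall-cmd --permanent --info-ipset=appserver` describes once the set is applied.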
### firewalld_services

#### Default value

```YAML
firewalld_services: []
```
### firewalld_zones

Each item describes one zone in the layout of firewalld.zone(5): the keys below map onto the zone XML elements, and every `rule` item is a rich rule as described in firewalld.richlanguage(5). `target` is one of `default`, `ACCEPT`, `%%REJECT%%` or `DROP` and decides what happens to traffic in the zone that no service, port or rule matches. A `source` entry sets exactly one of `address`, `mac` or `ipset`, and a `forward-port` needs a `to-port` or `to-addr` to forward to.

#### Default value

```YAML
firewalld_zones: []
```

#### Example usage

```YAML
firewalld_zones:
  - name: ""
    short: ""
    description: ""
    target: ""
    interface:
      - name: ""
    source:
      - address: ""
      - mac: ""
      - ipset: ""
    service:
      - name: ""
    port:
      - { port: "", protocol: "" }
    protocol:
      - value: ""
    icmp-block:
      - name: ""
    icmp-block-inversion: true
    masquerade: true
    forward-port:
      - { port: "", protocol: "", to-port: "", to-addr: "" }
    source-port:
      - { port: "", protocol: "" }
    rule:
      - source: { address: "", mac: "", ipset: "" }
        destination: { address: "", mac: "", ipset: "" }
        service: { name: "" }
        port: { port: "", protocol: "" }
        protocol: { value: "" }
        icmp-block:
          name: ""
        icmp-type:
          name: ""
        masquerade: true
        forward-port:
          port: ""
          protocol: ""
          to-port: ""
          to-addr: ""
        source-port:
          port: ""
          protocol: ""
        log:
          prefix: ""
          level: ""
          limit: ""
        audit:
          limit: ""
        accept:
          limit: ""
        reject:
          rejecttype: ""
          limit: ""
        drop:
          limit: ""
        mark:
          set: ""
          limit: ""
```
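The following checker is an added example and not code from the xoxys.firewalld role. It takes data in the `firewalld_zones` and `firewalld_ipsets` shapes documented above (constructed sample data), verifies that every zone target is valid, that each source selector sets exactly one of `address`/`mac`/`ipset` and that referenced ipsets exist, that each `forward-port` has a destination, and renders every `rule` item as the rich-rule string `firewall-cmd --add-rich-rule` accepts. Inferring the rule family from a literal address is this example's choice, not the role's documented behaviour.

```python
import ipaddress

ZONE_TARGETS = {"default", "ACCEPT", "%%REJECT%%", "DROP"}
_SELECTORS = ("address", "mac", "ipset")
_ELEMENTS = (  # rich-rule element -> attribute order, as in firewalld.richlanguage(5)
    ("service", ("name",)),
    ("port", ("port", "protocol")),
    ("protocol", ("value",)),
    ("icmp-block", ("name",)),
    ("icmp-type", ("name",)),
    ("forward-port", ("port", "protocol", "to-port", "to-addr")),
    ("source-port", ("port", "protocol")),
)

# Constructed sample data in the shape of the role variables documented above.
# The zone-level forward-port deliberately lacks to-port/to-addr so the checker flags it.
FIREWALLD_IPSETS = [{"name": "appserver", "type": "hash:net", "entry": ["192.168.2.0/24"]}]
FIREWALLD_ZONES = [
    {
        "name": "web",
        "target": "DROP",
        "source": [{"ipset": "appserver"}],
        "forward-port": [{"port": "80", "protocol": "tcp"}],
        "rule": [
            {
                "source": {"ipset": "appserver"},
                "service": {"name": "https"},
                "log": {"prefix": "web-https", "level": "info", "limit": "5/m"},
                "accept": {},
            },
            {
                "source": {"address": "203.0.113.0/24"},
                "port": {"port": "22", "protocol": "tcp"},
                "reject": {"rejecttype": "tcp-reset"},
            },
        ],
    }
]


def _attrs(spec, names):
    return "".join(f' {a}="{spec[a]}"' for a in names if spec.get(a))


def render_rich_rule(rule):
    """Render one `rule:` item as the string `firewall-cmd --add-rich-rule` takes."""
    # A literal address fixes the family (example choice); ipset/mac selectors need none.
    addrs = [(rule.get(s) or {}).get("address") for s in ("source", "destination")]
    fam = next((ipaddress.ip_network(a, strict=False).version for a in addrs if a), None)
    parts = ["rule"] + ([f'family="ipv{fam}"'] if fam else [])
    for side in ("source", "destination"):
        spec = rule.get(side) or {}
        parts += [f'{side} {k}="{spec[k]}"' for k in _SELECTORS if spec.get(k)]
    for elem, names in _ELEMENTS:
        if rule.get(elem):
            parts.append(elem + _attrs(rule[elem], names))
    if rule.get("masquerade"):
        parts.append("masquerade")
    for aux in ("log", "audit"):
        if aux in rule:
            spec = rule[aux] or {}
            parts.append(aux + _attrs(spec, ("prefix", "level")))
            if spec.get("limit"):
                parts.append(f'limit value="{spec["limit"]}"')
    actions = [a for a in ("accept", "reject", "drop", "mark") if a in rule]
    if len(actions) > 1:
        raise ValueError(f"a rich rule carries at most one action, got {actions}")
    for action in actions:
        spec = rule[action] or {}
        attr, key = {"reject": ("type", "rejecttype"), "mark": ("set", "set")}.get(action, ("", ""))
        parts.append(action + (f' {attr}="{spec[key]}"' if key and spec.get(key) else ""))
        if spec.get("limit"):
            parts.append(f'limit value="{spec["limit"]}"')
    return " ".join(parts)


def check_zones(zones, ipsets):
    """Return the problems found across a firewalld_zones list (empty list means OK)."""
    known = {s["name"] for s in ipsets}
    problems = []
    for zone in zones:
        name = zone.get("name") or "<unnamed>"
        if (zone.get("target") or "default") not in ZONE_TARGETS:
            problems.append(f"{name}: unknown target {zone['target']!r}")
        rules = zone.get("rule", [])
        # Zone sources and rich-rule source/destination selectors share one shape.
        selectors = list(zone.get("source", [])) + [r[s] for r in rules for s in ("source", "destination") if r.get(s)]
        for sel in selectors:
            if len([k for k in _SELECTORS if sel.get(k)]) != 1:
                problems.append(f"{name}: exactly one of address/mac/ipset is required: {sel}")
            if sel.get("ipset") and sel["ipset"] not in known:
                problems.append(f"{name}: references undefined ipset {sel['ipset']!r}")
            if sel.get("address"):
                try:
                    ipaddress.ip_network(sel["address"], strict=False)
                except ValueError:
                    problems.append(f"{name}: bad address {sel['address']!r}")
        forwards = list(zone.get("forward-port", [])) + [r["forward-port"] for r in rules if r.get("forward-port")]
        for fwd in forwards:
            if not (fwd.get("to-port") or fwd.get("to-addr")):
                problems.append(f"{name}: forward-port {fwd.get('port')}/{fwd.get('protocol')} has no to-port or to-addr")
    return problems
```

Run against the sample, `check_zones` returns a single finding for the destination-less forward-port, and `render_rich_rule` produces `rule source ipset="appserver" service name="https" log prefix="web-https" level="info" limit value="5/m" accept` for the first rule, which can be pasted into `firewall-cmd --permanent --zone=web --add-rich-rule='...'` to compare the role's intended state with what the host currently enforces.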
## Dependencies

None.