xoxys.firewalld/defaults/main.yml

113 lines
2.7 KiB
YAML
Raw Normal View History

2022-06-13 18:47:12 +00:00
---
2022-10-17 06:47:09 +00:00
firewalld_enabled: True
2022-06-13 18:47:12 +00:00
firewalld_default_zone: public
firewalld_allow_zone_drifting: False
2022-06-13 20:18:21 +00:00
# @var firewalld_ipsets:description: A firewalld ipset configuration provides the information of an ip set for firewalld.
# @var firewalld_ipsets:example: >
# firewalld_ipsets:
# - name: appserver
# type: "hash:net"
# short: "App Servers"
# description: "Allow http access from all appservers"
# option: {}
# entry:
# - 192.168.2.1
# - 192.168.2.2
# @end
2022-06-13 18:47:12 +00:00
firewalld_ipsets: []
firewalld_ipsets_extra: []
2022-06-13 20:18:21 +00:00
2022-10-12 14:22:57 +00:00
# @var firewalld_services:description: >
# A firewalld service can be a list of local ports and destinations and additionally also a list of firewall helper modules
# automatically loaded if a service is enabled.
# @var firewalld_services:example: >
# - name: ""
# short: ""
# description: ""
# port: []
# protocol: []
# source_port: []
# module: []
# destination: {}
2022-06-13 18:47:12 +00:00
firewalld_services: []
firewalld_services_extra: []
2022-06-13 18:47:12 +00:00
# @var firewalld_zones:example: >
# firewalld_zones:
# - name: ""
# short: ""
# description: ""
# target: ""
# interface:
# - name: ""
# source:
# - address: ""
# - mac: ""
# - ipset: ""
# service:
# - name: ""
# port:
# - { port: "", protocol: "" }
# protocol:
# - value:
# icmp-block:
# - name:
# icmp-block-inversion: true
# masquerade: true
2022-10-12 14:22:57 +00:00
# forward: true
2022-06-13 18:47:12 +00:00
# forward-port:
# - { port: "", protocol: "" }
# source-port:
# - { port: "", protocol: "" }
# rule:
# - source: { address: "", mac: "", ipset: ""}
# destination: { address: "", mac: "", ipset: ""}
# service: {name: ""}
# port: {port: "", protocol: ""}
# protocol: {value: ""}
# icmp-block:
# name: ""
# icmp-type:
# name: ""
# masquerade: true
# forward-port:
# port: ""
# protocol: ""
# to-port: ""
# to-addr: ""
# source-port:
# port: ""
# protocol: ""
# log:
# prefix: ""
# level: ""
# limit: ""
# audit:
# limit: ""
# accept:
# limit: ""
# reject:
# rejecttype: ""
# limit: ""
# drop:
# limit: ""
# mark:
# set:
# limit: ""
# end
2022-06-19 21:33:05 +00:00
firewalld_zones:
- name: "public"
short: "Public"
description: >-
For use in public areas. You do not trust the other computers on networks
to not harm your computer. Only selected incoming connections are accepted.
service:
- name: ssh
- name: dhcpv6-client
- name: cockpit
firewalld_zones_extra: []
firewalld_zones_unmanaged: []