diff --git a/index.md b/index.md new file mode 100644 index 0000000..15086c1 --- /dev/null +++ b/index.md 
@@ -0,0 +1,150 @@ +--- +title: firewalld +type: docs +--- + +[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.firewalld) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.firewalld?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.firewalld) [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.firewalld/src/branch/main/LICENSE) + +Setup and configure host firewall with firewalld. + + + +- [Default Variables](#default-variables) + - [firewalld_allow_zone_drifting](#firewalld_allow_zone_drifting) + - [firewalld_default_zone](#firewalld_default_zone) + - [firewalld_ipsets](#firewalld_ipsets) + - [firewalld_services](#firewalld_services) + - [firewalld_zones](#firewalld_zones) +- [Dependencies](#dependencies) + +--- + +## Default Variables + +### firewalld_allow_zone_drifting + +#### Default value + +```YAML +firewalld_allow_zone_drifting: false +``` + +### firewalld_default_zone + +#### Default value + +```YAML +firewalld_default_zone: public +``` + +### firewalld_ipsets + +A firewalld ipset configuration provides the information of an ip set for firewalld. 
+ +#### Default value + +```YAML +firewalld_ipsets: [] +``` + +#### Example usage + +```YAML +firewalld_ipsets: + - name: appserver + type: "hash:net" + short: "App Servers" + description: "Allow http access from all appservers" + option: {} + entry: + - 192.168.2.1 + - 192.168.2.2 +``` + +### firewalld_services + +#### Default value + +```YAML +firewalld_services: [] +``` + +### firewalld_zones + +#### Default value + +```YAML +firewalld_zones: [] +``` + +#### Example usage + +```YAML +firewalld_zones: + - name: "" + short: "" + description: "" + target: "" + interface: + - name: "" + source: + - address: "" + - mac: "" + - ipset: "" + service: + - name: "" + port: + - { port: "", protocol: "" } + protocol: + - value: + icmp-block: + - name: + icmp-block-inversion: true + masquerade: true + forward-port: + - { port: "", protocol: "" } + source-port: + - { port: "", protocol: "" } + rule: + - source: { address: "", mac: "", ipset: ""} + destination: { address: "", mac: "", ipset: ""} + service: {name: ""} + port: {port: "", protocol: ""} + protocol: {value: ""} + icmp-block: + name: "" + icmp-type: + name: "" + masquerade: true + forward-port: + port: "" + protocol: "" + to-port: "" + to-addr: "" + source-port: + port: "" + protocol: "" + log: + prefix: "" + level: "" + limit: "" + audit: + limit: "" + accept: + limit: "" + reject: + rejecttype: "" + limit: "" + drop: + limit: "" + mark: + set: + limit: "" +end +``` + + + +## Dependencies + +None.
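Review bot: the `firewalld_zones` example usage block ends with a stray `end` line after the last `limit: ""` and before the closing fence. It is not part of the variable structure and will be carried along when the example is copied, so it should be dropped. In the same example some keys are left empty (`value:` and `name:` at zone level, `set:` under `mark:`) while the rest use `""`; pick one placeholder style. The zone-level `forward-port` entry lists only `port` and `protocol`, whereas the rich-rule form also lists `to-port` and `to-addr`, so the README should say whether those keys apply at zone level too. Finally, `firewalld_allow_zone_drifting`, `firewalld_default_zone` and `firewalld_services` are documented with a default value only; a one-line description for each, plus an example for `firewalld_services`, would bring them in line with `firewalld_ipsets`.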