diff --git a/README.md b/README.md index d9d26f1..dd1262c 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,232 @@ # xoxys.firewalld + +[![Build Status](https://ci.rknet.org/api/badges/ansible/xoxys.firewalld/status.svg)](https://ci.rknet.org/repos/ansible/xoxys.firewalld) +[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.firewalld/src/branch/main/LICENSE) + +Setup and configure host firewall with firewalld. + +## Table of content + +- [Requirements](#requirements) +- [Default Variables](#default-variables) + - [firewalld_allow_zone_drifting](#firewalld_allow_zone_drifting) + - [firewalld_default_zone](#firewalld_default_zone) + - [firewalld_enabled](#firewalld_enabled) + - [firewalld_ipsets](#firewalld_ipsets) + - [firewalld_ipsets_extra](#firewalld_ipsets_extra) + - [firewalld_services](#firewalld_services) + - [firewalld_services_extra](#firewalld_services_extra) + - [firewalld_zones](#firewalld_zones) + - [firewalld_zones_extra](#firewalld_zones_extra) + - [firewalld_zones_unmanaged](#firewalld_zones_unmanaged) +- [Dependencies](#dependencies) +- [License](#license) +- [Author](#author) + +--- + +## Requirements + +- Minimum Ansible version: `2.10` + +## Default Variables + +### firewalld_allow_zone_drifting + +#### Default value + +```YAML +firewalld_allow_zone_drifting: false +``` + +### firewalld_default_zone + +#### Default value + +```YAML +firewalld_default_zone: public +``` + +### firewalld_enabled + +#### Default value + +```YAML +firewalld_enabled: true +``` + +### firewalld_ipsets + +A firewalld ipset configuration provides the information of an ip set for firewalld. 
+ +#### Default value + +```YAML +firewalld_ipsets: [] +``` + +#### Example usage + +```YAML +firewalld_ipsets: + - name: appserver + type: "hash:net" + short: "App Servers" + description: "Allow http access from all appservers" + option: {} + entry: + - 192.168.2.1 + - 192.168.2.2 +``` + +### firewalld_ipsets_extra + +#### Default value + +```YAML +firewalld_ipsets_extra: [] +``` + +### firewalld_services + +A firewalld service can be a list of local ports and destinations and additionally also a list of firewall helper modules +automatically loaded if a service is enabled. + +#### Default value + +```YAML +firewalld_services: [] +``` + +#### Example usage + +```YAML + - name: "" + short: "" + description: "" + port: [] + protocol: [] + source_port: [] + module: [] + destination: {} +``` + +### firewalld_services_extra + +#### Default value + +```YAML +firewalld_services_extra: [] +``` + +### firewalld_zones + +#### Default value + +```YAML +firewalld_zones: + - name: public + short: Public + description: >- + For use in public areas. You do not trust the other computers on networks + to not harm your computer. Only selected incoming connections are accepted. 
+ service: + - name: ssh + - name: dhcpv6-client + - name: cockpit +``` + +#### Example usage + +```YAML +firewalld_zones: + - name: "" + short: "" + description: "" + target: "" + interface: + - name: "" + source: + - address: "" + - mac: "" + - ipset: "" + service: + - name: "" + port: + - { port: "", protocol: "" } + protocol: + - value: + icmp-block: + - name: + icmp-block-inversion: true + masquerade: true + forward: true + forward-port: + - { port: "", protocol: "" } + source-port: + - { port: "", protocol: "" } + rule: + - source: { address: "", mac: "", ipset: ""} + destination: { address: "", mac: "", ipset: ""} + service: {name: ""} + port: {port: "", protocol: ""} + protocol: {value: ""} + icmp-block: + name: "" + icmp-type: + name: "" + masquerade: true + forward-port: + port: "" + protocol: "" + to-port: "" + to-addr: "" + source-port: + port: "" + protocol: "" + log: + prefix: "" + level: "" + limit: "" + audit: + limit: "" + accept: + limit: "" + reject: + rejecttype: "" + limit: "" + drop: + limit: "" + mark: + set: + limit: "" +end +``` + +### firewalld_zones_extra + +#### Default value + +```YAML +firewalld_zones_extra: [] +``` + +### firewalld_zones_unmanaged + +#### Default value + +```YAML +firewalld_zones_unmanaged: [] +``` + +## Dependencies + +None. + +## License + +MIT + +## Author + +[Robert Kaussow](https://gitea.rknet.org/xoxys)
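Review bot: the `firewalld_zones` example usage block ends with a stray `end` line inside the YAML fence, which is not valid YAML and will break anyone who copies the example; drop it so the block closes on `limit: ""` followed by the closing fence. In the same example, `protocol: - value:`, `icmp-block: - name:` and `mark: set:` are left without the `""` placeholders every other key uses, so they parse as null rather than as empty strings; make them consistent. The `firewalld_services` example usage block starts at `- name: ""` without the `firewalld_services:` key that all the other examples include, so it is not a drop-in variable definition as written. Finally, only `firewalld_ipsets` and `firewalld_services` carry any description: `firewalld_allow_zone_drifting`, `firewalld_default_zone`, `firewalld_enabled`, `firewalld_zones_unmanaged` and the three `*_extra` variables document nothing but a default value, and the default `public` zone enables `cockpit` alongside `ssh` and `dhcpv6-client` without saying so in prose; a sentence on what each variable controls and a note on which services the default zone opens would let users judge the resulting firewall posture before applying the role.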