# xoxys.firewalld

[![Build Status](https://ci.rknet.org/api/badges/ansible/xoxys.firewalld/status.svg)](https://ci.rknet.org/repos/ansible/xoxys.firewalld) [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.firewalld/src/branch/main/LICENSE)

Set up and configure the host firewall with firewalld.

## Table of content

- [Requirements](#requirements)
- [Default Variables](#default-variables)
  - [firewalld_allow_zone_drifting](#firewalld_allow_zone_drifting)
  - [firewalld_default_zone](#firewalld_default_zone)
  - [firewalld_enabled](#firewalld_enabled)
  - [firewalld_ipsets](#firewalld_ipsets)
  - [firewalld_ipsets_extra](#firewalld_ipsets_extra)
  - [firewalld_services](#firewalld_services)
  - [firewalld_services_extra](#firewalld_services_extra)
  - [firewalld_zones](#firewalld_zones)
  - [firewalld_zones_extra](#firewalld_zones_extra)
  - [firewalld_zones_unmanaged](#firewalld_zones_unmanaged)
- [Dependencies](#dependencies)
- [License](#license)
- [Author](#author)

---

## Requirements

- Minimum Ansible version: `2.10`

## Default Variables

### firewalld_allow_zone_drifting

#### Default value

```YAML
firewalld_allow_zone_drifting: false
```

### firewalld_default_zone

#### Default value

```YAML
firewalld_default_zone: public
```

### firewalld_enabled

#### Default value

```YAML
firewalld_enabled: true
```

### firewalld_ipsets

A firewalld ipset configuration defines an IP set that firewalld can reference, for example as the source of a zone or rich rule.

#### Default value

```YAML
firewalld_ipsets: []
```

#### Example usage

```YAML
firewalld_ipsets:
  - name: appserver
    type: "hash:net"
    short: "App Servers"
    description: "Allow http access from all appservers"
    option: {}
    entry:
      - 192.168.2.1
      - 192.168.2.2
```

### firewalld_ipsets_extra

#### Default value

```YAML
firewalld_ipsets_extra: []
```

### firewalld_services

A firewalld service is a list of local ports and destinations and, additionally, a list of firewall helper modules that are loaded automatically when the service is enabled.

#### Default value

```YAML
firewalld_services: []
```

#### Example usage

```YAML
- name: ""
  short: ""
  description: ""
  port: []
  protocol: []
  source_port: []
  module: []
  destination: {}
```

### firewalld_services_extra

#### Default value

```YAML
firewalld_services_extra: []
```

### firewalld_zones

#### Default value

```YAML
firewalld_zones:
  - name: public
    short: Public
    description: >-
      For use in public areas. You do not trust the other computers on networks to
      not harm your computer. Only selected incoming connections are accepted.
    service:
      - name: ssh
      - name: dhcpv6-client
      - name: cockpit
```

#### Example usage

```YAML
firewalld_zones:
  - name: ""
    short: ""
    description: ""
    target: ""
    interface:
      - name: ""
    source:
      - address: ""
      - mac: ""
      - ipset: ""
    service:
      - name: ""
    port:
      - { port: "", protocol: "" }
    protocol:
      - value:
    icmp-block:
      - name:
    icmp-block-inversion: true
    masquerade: true
    forward: true
    forward-port:
      - { port: "", protocol: "" }
    source-port:
      - { port: "", protocol: "" }
    rule:
      - source: { address: "", mac: "", ipset: "" }
        destination: { address: "", mac: "", ipset: "" }
        service: { name: "" }
        port: { port: "", protocol: "" }
        protocol: { value: "" }
        icmp-block:
          name: ""
        icmp-type:
          name: ""
        masquerade: true
        forward-port:
          port: ""
          protocol: ""
          to-port: ""
          to-addr: ""
        source-port:
          port: ""
          protocol: ""
        log:
          prefix: ""
          level: ""
          limit: ""
        audit:
          limit: ""
        accept:
          limit: ""
        reject:
          rejecttype: ""
          limit: ""
        drop:
          limit: ""
        mark:
          set:
          limit: ""
```

### firewalld_zones_extra

#### Default value

```YAML
firewalld_zones_extra: []
```

### firewalld_zones_unmanaged

#### Default value

```YAML
firewalld_zones_unmanaged: []
```

## Dependencies

None.

## License

MIT

## Author

[Robert Kaussow](https://gitea.rknet.org/xoxys)
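The following playbook is an added example, not part of this README or the role itself. It combines `firewalld_ipsets` and `firewalld_zones` from the sections above so that only the `appserver` ipset reaches `http` on the `public` zone, while `ssh` stays open; every key used appears in the variable templates above. It assumes the role is applied under the name `xoxys.firewalld`, that setting `firewalld_zones` replaces the default zone list, and that an empty `accept: {}` mapping means "accept without a rate limit" (the README does not state either behaviour). The ipset entry and host group are constructed sample values.

```yaml
# Added example playbook (assumptions: role name, zone-list override,
# and empty accept mapping, as noted in the lead-in).
- name: Configure host firewall with xoxys.firewalld
  hosts: webservers          # constructed inventory group
  become: true

  vars:
    firewalld_enabled: true
    firewalld_default_zone: public
    firewalld_allow_zone_drifting: false

    # Trusted application servers, referenced by the rich rule below.
    firewalld_ipsets:
      - name: appserver
        type: "hash:net"
        short: "App Servers"
        description: "Allow http access from all appservers"
        option: {}
        entry:
          - 192.168.2.0/24   # constructed sample network

    # Overrides the role's default public zone: ssh for everyone,
    # http only from the appserver ipset, logged at a bounded rate.
    firewalld_zones:
      - name: public
        short: Public
        description: "Public zone: ssh open, http restricted to appservers"
        target: default
        service:
          - name: ssh
        rule:
          - source: { ipset: appserver }
            service: { name: http }
            log:
              prefix: "fw-http-appserver"
              level: info
              limit: "5/m"
            accept: {}

  roles:
    - xoxys.firewalld
```

Because the zone lists no `http` service of its own, requests from any address outside the ipset are never matched by the rich rule and fall through to the zone's default handling, which is the behaviour the default `public` zone description above calls for.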