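---
# Firewall rules for the default firewalld zone.
#
# Every firewalld task below sets `permanent: true` without `immediate`, so it
# only edits the permanent configuration; the running firewall is unchanged
# until firewalld is reloaded. Each task registers its own result variable:
# when all tasks shared `port_change`, a later unchanged task overwrote an
# earlier "changed" result and the reload was skipped, leaving the new rules
# inactive until the next manual reload or reboot.

- name: remove service rule for dhcpv6-client
  ansible.posix.firewalld:
    service: dhcpv6-client
    permanent: true
    state: disabled
  register: dhcpv6_client_change

- name: permit traffic in default zone on port 22/tcp for SSH
  ansible.posix.firewalld:
    port: 22/tcp
    permanent: true
    state: enabled
  register: ssh_port_change

- name: permit traffic in default zone on port 80/tcp for HTTP
  ansible.posix.firewalld:
    port: 80/tcp
    permanent: true
    state: enabled
  register: http_port_change

- name: permit traffic in default zone on port 443/tcp for HTTPS
  ansible.posix.firewalld:
    port: 443/tcp
    permanent: true
    state: enabled
  register: https_port_change

# NOTE(review): wide UDP range; confirm it matches the media port range the
# RTP service is actually configured to use.
- name: permit traffic in default zone on port 16384-32768/udp for RTP
  ansible.posix.firewalld:
    port: 16384-32768/udp
    permanent: true
    state: enabled
  register: rtp_port_change

# NOTE(review): no source restriction is set, so the metrics API is reachable
# from every source the default zone accepts. Confirm that is intended, or
# limit it to the monitoring hosts (for example a dedicated zone bound to
# their source addresses).
- name: permit traffic in default zone on port 8082/tcp for Metrics API
  ansible.posix.firewalld:
    port: 8082/tcp
    permanent: true
    state: enabled
  register: metrics_port_change

# Reload when ANY of the rule changes above was applied, not only the last one.
- name: Reload firewalld after adding new ports
  ansible.builtin.service:
    name: firewalld
    state: reloaded
  when: >-
    dhcpv6_client_change is changed
    or ssh_port_change is changed
    or http_port_change is changed
    or https_port_change is changed
    or rtp_port_change is changed
    or metrics_port_change is changed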
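# This task REMOVES the predefined `ssh` service from the permanent
# configuration (state: disabled); the original task name said "permit", which
# is the opposite of what it does. SSH stays reachable through the explicit
# 22/tcp port rule added earlier in this file.
#
# Ordering matters: keep this after the task that opens 22/tcp. If the service
# were removed and firewalld reloaded before that port rule exists, the reload
# would close SSH, presumably including the connection Ansible itself uses.
- name: remove service rule for ssh
  ansible.posix.firewalld:
    service: ssh
    permanent: true
    state: disabled
  register: remove_ssh_service

# The change above is permanent-only, so it takes effect on this reload.
- name: Reload firewalld after removing SSH service
  ansible.builtin.service:
    name: firewalld
    state: reloaded
  when: remove_ssh_service is changed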