Add firewalld task
This commit is contained in:
parent
310253a661
commit
244ab2c704
3 changed files with 69 additions and 6 deletions
60
tasks/firewalld.yml
Normal file
60
tasks/firewalld.yml
Normal file
|
@ -0,0 +1,60 @@
|
|||
- name: remove service rule for dhcpv6-client
|
||||
ansible.posix.firewalld:
|
||||
service: dhcpv6-client
|
||||
permanent: true
|
||||
state: disabled
|
||||
register: port_change
|
||||
|
||||
- name: permit traffic in default zone on port 22/tcp for SSH
|
||||
ansible.posix.firewalld:
|
||||
port: 22/tcp
|
||||
permanent: true
|
||||
state: enabled
|
||||
register: port_change
|
||||
|
||||
- name: permit traffic in default zone on port 80/tcp for HTTP
|
||||
ansible.posix.firewalld:
|
||||
port: 80/tcp
|
||||
permanent: true
|
||||
state: enabled
|
||||
register: port_change
|
||||
|
||||
- name: permit traffic in default zone on port 443/tcp for HTTPS
|
||||
ansible.posix.firewalld:
|
||||
port: 443/tcp
|
||||
permanent: true
|
||||
state: enabled
|
||||
register: port_change
|
||||
|
||||
- name: permit traffic in default zone on port 16384-32768/udp for RTP
|
||||
ansible.posix.firewalld:
|
||||
port: 16384-32768/udp
|
||||
permanent: true
|
||||
state: enabled
|
||||
register: port_change
|
||||
|
||||
- name: permit traffic in default zone on port 8082/tcp for Metrics API
|
||||
ansible.posix.firewalld:
|
||||
port: 8082/tcp
|
||||
permanent: true
|
||||
state: enabled
|
||||
register: port_change
|
||||
|
||||
- name: Reload firewalld after adding new ports
|
||||
ansible.builtin.service:
|
||||
name: firewalld
|
||||
state: reloaded
|
||||
when: port_change.changed
|
||||
|
||||
- name: permit traffic in default zone with service SSH
|
||||
ansible.posix.firewalld:
|
||||
service: ssh
|
||||
permanent: true
|
||||
state: disabled
|
||||
register: remove_ssh_service
|
||||
|
||||
- name: Reload firewalld after removing SSH service
|
||||
ansible.builtin.service:
|
||||
name: firewalld
|
||||
state: reloaded
|
||||
when: remove_ssh_service.changed
|
|
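Review bot: Every ansible.posix.firewalld task in this file writes the same variable (`register: port_change` at L33, L53, L73, L93, L113, L133), so each task overwrites the previous result and `when: port_change.changed` (L150) only reflects the last one, 8082/tcp; if an earlier port or the dhcpv6-client removal changed but 8082 did not, the reload is skipped and the rules stay in the permanent configuration only, never reaching the running firewall. Since all rules are `permanent: true` with no runtime counterpart, the simplest fix is to add `immediate: true` next to each `permanent: true` so the change applies to the running zone as well, or else register distinct variables (`register: fw_dhcpv6`, `register: fw_ssh_port`, ...) and reload when any of them changed. The task name at L155, "permit traffic in default zone with service SSH", describes the opposite of what it does (`state: disabled`); suggest `- name: remove service rule for ssh (port 22/tcp rule above replaces it)`. Note the indentation of module arguments is lost in this rendering, so nesting is inferred from the Ansible module layout.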
@ -4,15 +4,17 @@
|
|||
- name: install packages
|
||||
import_tasks: packages.yml
|
||||
|
||||
- name: firewalld configuration
|
||||
import_tasks: firewalld.yml
|
||||
|
||||
- name: openssh settings
|
||||
import_tasks: openssh.yml
|
||||
|
||||
- name: custom DNS servers
|
||||
import_tasks: dns.yml
|
||||
|
||||
- name: install ctop
|
||||
import_tasks: ctop.yml
|
||||
|
||||
- name: openssh settings
|
||||
import_tasks: openssh.yml
|
||||
|
||||
- name: performance optimisation
|
||||
import_tasks: performance.yml
|
||||
|
||||
import_tasks: performance.yml
|
|
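Review bot: The new `firewalld configuration` import (L201-204) runs straight after `install packages`, but nothing in the visible change enables or starts the firewalld unit after the package is installed, and `ansible.builtin.service` with `state: reloaded` in firewalld.yml fails on a unit that is not running. Unless the image already ships with firewalld active, add a task before the import such as `- name: ensure firewalld is running` with `ansible.builtin.service: {name: firewalld, state: started, enabled: true}`, which also guarantees the rule set is enforced across reboots. This file's header is not shown on the page, so the path is presumably tasks/main.yml; the duplicated `openssh settings` and `performance.yml` lines look like the rendering printing old and new sides rather than a real duplication, which is worth confirming in the raw diff.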
@ -31,4 +31,5 @@
|
|||
- nload
|
||||
- sysstat
|
||||
- needrestart
|
||||
- ncat
|
||||
- ncat
|
||||
- firewalld
|