Add firewalld task
This commit is contained in:
parent
310253a661
commit
244ab2c704
3 changed files with 69 additions and 6 deletions
60
tasks/firewalld.yml
Normal file
60
tasks/firewalld.yml
Normal file
|
|
@ -0,0 +1,60 @@
|
||||||
|
- name: remove service rule for dhcpv6-client
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
service: dhcpv6-client
|
||||||
|
permanent: true
|
||||||
|
state: disabled
|
||||||
|
register: port_change
|
||||||
|
|
||||||
|
- name: permit traffic in default zone on port 22/tcp for SSH
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
port: 22/tcp
|
||||||
|
permanent: true
|
||||||
|
state: enabled
|
||||||
|
register: port_change
|
||||||
|
|
||||||
|
- name: permit traffic in default zone on port 80/tcp for HTTP
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
port: 80/tcp
|
||||||
|
permanent: true
|
||||||
|
state: enabled
|
||||||
|
register: port_change
|
||||||
|
|
||||||
|
- name: permit traffic in default zone on port 443/tcp for HTTPS
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
port: 443/tcp
|
||||||
|
permanent: true
|
||||||
|
state: enabled
|
||||||
|
register: port_change
|
||||||
|
|
||||||
|
- name: permit traffic in default zone on port 16384-32768/udp for RTP
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
port: 16384-32768/udp
|
||||||
|
permanent: true
|
||||||
|
state: enabled
|
||||||
|
register: port_change
|
||||||
|
|
||||||
|
- name: permit traffic in default zone on port 8082/tcp for Metrics API
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
port: 8082/tcp
|
||||||
|
permanent: true
|
||||||
|
state: enabled
|
||||||
|
register: port_change
|
||||||
|
|
||||||
|
- name: Reload firewalld after adding new ports
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: firewalld
|
||||||
|
state: reloaded
|
||||||
|
when: port_change.changed
|
||||||
|
|
||||||
|
- name: permit traffic in default zone with service SSH
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
service: ssh
|
||||||
|
permanent: true
|
||||||
|
state: disabled
|
||||||
|
register: remove_ssh_service
|
||||||
|
|
||||||
|
- name: Reload firewalld after removing SSH service
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: firewalld
|
||||||
|
state: reloaded
|
||||||
|
when: remove_ssh_service.changed
|
||||||
|
|
@ -4,15 +4,17 @@
|
||||||
- name: install packages
|
- name: install packages
|
||||||
import_tasks: packages.yml
|
import_tasks: packages.yml
|
||||||
|
|
||||||
|
- name: firewalld configuration
|
||||||
|
import_tasks: firewalld.yml
|
||||||
|
|
||||||
|
- name: openssh settings
|
||||||
|
import_tasks: openssh.yml
|
||||||
|
|
||||||
- name: custom DNS servers
|
- name: custom DNS servers
|
||||||
import_tasks: dns.yml
|
import_tasks: dns.yml
|
||||||
|
|
||||||
- name: install ctop
|
- name: install ctop
|
||||||
import_tasks: ctop.yml
|
import_tasks: ctop.yml
|
||||||
|
|
||||||
- name: openssh settings
|
|
||||||
import_tasks: openssh.yml
|
|
||||||
|
|
||||||
- name: performance optimisation
|
- name: performance optimisation
|
||||||
import_tasks: performance.yml
|
import_tasks: performance.yml
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -32,3 +32,4 @@
|
||||||
- sysstat
|
- sysstat
|
||||||
- needrestart
|
- needrestart
|
||||||
- ncat
|
- ncat
|
||||||
|
- firewalld
|
||||||
Loading…
Reference in a new issue