| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 |
- ---
- - name: Install firewalld packages
- yum:
- name: firewalld
- state: present
- - name: Start and enable firewalld service
- service:
- name: firewalld
- state: started
- enabled: yes
- register: result
- - name: need to pause here, otherwise the firewalld service starting can sometimes cause ssh to fail
- pause: seconds=10
- when: result | changed
- - name: Ensure iptables services are not enabled
- service:
- name: "{{ item }}"
- state: stopped
- enabled: no
- with_items:
- - iptables
- - ip6tables
- - name: Mask iptables services
- command: systemctl mask "{{ item }}"
- register: result
- failed_when: result.rc != 0
- changed_when: False
- with_items:
- - iptables
- - ip6tables
- # TODO: Ansible 1.9 will eliminate the need for separate firewalld tasks for
- # enabling rules and making them permanent with the immediate flag
- - name: Add firewalld allow rules
- firewalld:
- port: "{{ item.port }}"
- permanent: false
- state: enabled
- with_items: allow
- when: allow is defined
- - name: Persist firewalld allow rules
- firewalld:
- port: "{{ item.port }}"
- permanent: true
- state: enabled
- with_items: allow
- when: allow is defined
- - name: Remove firewalld allow rules
- firewalld:
- port: "{{ item.port }}"
- permanent: false
- state: disabled
- with_items: deny
- when: deny is defined
- - name: Persist removal of firewalld allow rules
- firewalld:
- port: "{{ item.port }}"
- permanent: true
- state: disabled
- with_items: deny
- when: deny is defined
|
