Install and configure firewalld

Jake Howard 2020-06-03 20:32:12 +01:00
parent e62c694104
commit 75e1420fd6
Signed by: jake
GPG key ID: 57AFB45680EDD477
2 changed files with 46 additions and 0 deletions


@ -44,3 +44,7 @@ alias cl="climate"
alias tmux-cleanup="tmux list-sessions | grep -v attached | cut -d: -f1 | xargs -t -n1 tmux kill-session -t" alias tmux-cleanup="tmux list-sessions | grep -v attached | cut -d: -f1 | xargs -t -n1 tmux kill-session -t"
alias lock-screen="xdotool key 'Super_L+l'" alias lock-screen="xdotool key 'Super_L+l'"
alias mux="tmuxinator start" alias mux="tmuxinator start"
alias open-port="firewall-cmd --zone=public --add-port"
alias close-port="firewall-cmd --zone=public --remove-port"
alias reset-ports="firewall-cmd --complete-reload"
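Review bot: `reset-ports` calls `firewall-cmd --complete-reload`, which also reloads the netfilter kernel modules and loses connection state, so active connections are likely to be terminated; `firewall-cmd --reload` is enough to discard the runtime-only ports that `open-port` adds. Because `open-port` and `close-port` omit `--permanent`, their effect lasts only until the next reload or restart, which deserves a one-line comment above the aliases, e.g. `# runtime-only changes; reset-ports restores the permanent configuration`. The zone is fixed to `public`, which assumes that is the zone the active interface is bound to.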


@ -24,3 +24,45 @@
dest: "{{ home }}/.ssh/assh.yml" dest: "{{ home }}/.ssh/assh.yml"
mode: 0644 mode: 0644
owner: "{{ user }}" owner: "{{ user }}"
- name: Install Firewall
aur:
name: "{{ item }}"
become: true
become_user: aur_builder
when: item not in installed_packages.stdout_lines
loop:
- firewalld
- name: Enable firewalld
systemd:
name: firewalld
enabled: true
- name: Define firewall ports
set_fact:
requested_firewall_ports:
- 22/tcp # SSH
- 80/tcp # Web (crab)
- name: Get firewall ports
shell: firewall-cmd --list-ports
become: true
register: firewall_ports
- name: Open firewall ports
firewalld:
port: "{{ item }}"
permanent: true
immediate: true
state: enabled
loop: "{{ requested_firewall_ports }}"
- name: Close firewall ports
firewalld:
port: "{{ item }}"
permanent: true
immediate: true
state: disabled
when: item not in requested_firewall_ports
loop: "{{ firewall_ports.stdout.split(' ') }}"
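Review bot: The `Close firewall ports` loop uses `split(' ')`, so when `firewall-cmd --list-ports` prints nothing the loop still runs once with an empty item, which is not in `requested_firewall_ports` and is handed to the `firewalld` module as a port; `loop: "{{ firewall_ports.stdout.split() }}"` yields an empty list in that case. `Enable firewalld` sets only `enabled: true`, so on a first run the daemon may not be running when `Get firewall ports` and the `immediate: true` tasks execute; adding `state: started` there would cover that. The `systemd` and `firewalld` tasks carry no `become: true`, unlike `Get firewall ports`, which matters unless the play already escalates. The reconciliation also covers only ports in the default zone: services enabled on the zone are not reported by `--list-ports` and stay open, so the two listed ports are not necessarily the whole exposed surface.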