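---
# Firewalld provisioning for a host: install and start the daemon, trust the
# WireGuard network, then reconcile the public zone's open ports against
# `requested_firewall_ports` (anything open in that zone but not on the list
# is closed). Expects `wireguard.cidr` and `requested_firewall_ports` to be
# defined by the caller.

- name: Install firewalld
  package:
    name: firewalld
  become: true

- name: Enable firewalld
  systemd:
    name: firewalld
    enabled: true
    state: started
  become: true

- name: Mark wireguard as internal traffic
  # The "trusted" zone accepts every connection from the given source, so the
  # whole `wireguard.cidr` range bypasses the public-zone port filter below.
  firewalld:
    source: "{{ wireguard.cidr }}"
    zone: trusted
    state: enabled
    permanent: true
    immediate: true
  become: true

- name: Get firewall ports
  # Read-only query: no shell features are needed, so `command` is used (no
  # shell interpolation of the line), and it is never reported as a change.
  # check_mode is disabled so the registered stdout still exists when the
  # "Close firewall ports" task runs under --check.
  command: firewall-cmd --list-ports --zone public
  changed_when: false
  check_mode: false
  become: true
  register: firewall_ports

- name: Open firewall ports
  # zone is pinned to "public" to match the query above; relying on the
  # firewalld default zone would reconcile a different zone than was listed.
  firewalld:
    port: "{{ item }}"
    zone: public
    permanent: true
    immediate: true
    state: enabled
  loop: "{{ requested_firewall_ports }}"
  become: true

- name: Close firewall ports
  # `--list-ports` prints one space-separated line; when no ports are open the
  # split yields [''] and the `item and` guard skips the empty entry.
  firewalld:
    port: "{{ item }}"
    zone: public
    permanent: true
    immediate: true
    state: disabled
  when: item and item not in requested_firewall_ports
  loop: "{{ firewall_ports.stdout.split(' ') }}"
  become: true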