ObieBent / basic-firewalld

Basic Firewalld

Ansible role that configures firewalld rules (ports and services per zone) and assigns network interfaces to zones.

Requirements

firewalld must be available in the target Linux distribution.

Role Variables

| Variable | Default value | Description |
|---|---|---|
| firewalld_enable | true | Install, enable and start the firewalld service |
| firewalld_rules_add | {} | List of rules to add, each entry scoped to one zone |
| firewalld_rules_add.zone | mandatory | Zone the rules are added to |
| firewalld_rules_add.ports | [] | List of port/protocol entries to open (e.g. 9200/tcp) |
| firewalld_rules_add.services | [] | List of firewalld services to enable (available service definitions are listed in /usr/lib/firewalld/services/) |
| firewalld_rules_remove | {} | List of rules to remove, each entry scoped to one zone |
| firewalld_rules_remove.zone | mandatory | Zone the rules are removed from |
| firewalld_rules_remove.ports | [] | List of port/protocol entries to close (e.g. 9200/tcp) |
| firewalld_rules_remove.services | [] | List of firewalld services to disable (see /usr/lib/firewalld/services/) |
| firewalld_interfaces | [] | Assign network interfaces to zones |
| firewalld_interfaces.zone | mandatory | Zone the interfaces are assigned to |
| firewalld_interfaces.interfaces | [] | List of network interfaces to assign to the zone |
| firewalld_interfaces.state | present | `present` assigns (or moves) the interfaces into the zone; `absent` removes them from it |

Rules are attached to zones, not to hosts: a port or service opened in a zone that has no interface or source bound to it has no effect on traffic. After a run, check `firewall-cmd --get-active-zones` and `firewall-cmd --zone=<zone> --list-all` on the target to confirm that the zone you changed is actually the one handling the interface you care about.

Dependencies

None.

Example Playbook

Example: add rules to zones:

```yaml
- hosts: all
  roles:
  - role: basic-firewalld
    firewalld_rules_add:
    - zone: public
      services:
        - http
        - https
    - zone: external
      ports:
        - 9200/tcp
      services:
        - http
        - https
```

Example: remove rules from zones:

```yaml
- hosts: all
  roles:
  - role: basic-firewalld
    firewalld_rules_remove:
    - zone: public
      services:
        - http
        - https
    - zone: external
      ports:
        - 9200/tcp
      services:
        - http
        - https
```

Example: assign the eth1 network interface to the external zone. If eth1 is already assigned to another zone it is moved to external automatically, because an interface can belong to only one zone at a time. Note that firewalld's shipped definition of the external zone enables masquerading, so moving an interface into it changes NAT behaviour as well as filtering:

```yaml
- hosts: all
  roles:
  - role: basic-firewalld
    firewalld_interfaces:
    - zone: external
      interfaces:
        - eth1
```
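A mistake in these variables (a misspelled key such as `intefaces`, a port without a protocol, a service name that has no definition, or one interface listed under two zones) is easy to commit and, because the play may still run, easy to miss. The following pre-flight checker is an added example and is not part of the role: it validates the three variables against the constraints documented above and prints the equivalent `firewall-cmd --permanent` commands so the intended change can be reviewed before a play runs. The `firewall-cmd` lines only illustrate the effect of each variable; the role itself uses its own Ansible tasks. `AVAILABLE_SERVICES` is a constructed stand-in for the service names found under /usr/lib/firewalld/services/, and `GOOD_VARS`/`BAD_VARS` are constructed sample inputs.

```python
"""Pre-flight checker for basic-firewalld role variables (added example, not the role's code)."""
import re

# firewalld port spec: <port>[-<port>]/<protocol>
PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?/(tcp|udp|sctp|dccp)$")

# Constructed stand-in for `ls /usr/lib/firewalld/services/` (without the .xml suffix).
AVAILABLE_SERVICES = {"http", "https", "ssh", "dns"}


def check_port(spec):
    """Return None if spec is a valid firewalld port spec (e.g. 9200/tcp), else an error string."""
    m = PORT_RE.match(str(spec))
    if not m:
        return f"port {spec!r}: expected <port>[-<port>]/<tcp|udp|sctp|dccp>"
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) else lo
    if not 1 <= lo <= hi <= 65535:
        return f"port {spec!r}: out of range 1-65535"
    return None


def check_rule_entries(entries, name, services):
    """Validate firewalld_rules_add / firewalld_rules_remove entries."""
    errors = []
    for i, e in enumerate(entries or []):
        unknown = set(e) - {"zone", "ports", "services"}
        if unknown:
            errors.append(f"{name}[{i}]: unknown keys {sorted(unknown)}")
        if not e.get("zone"):
            errors.append(f"{name}[{i}]: zone is mandatory")
        for p in e.get("ports") or []:
            err = check_port(p)
            if err:
                errors.append(f"{name}[{i}]: {err}")
        for s in e.get("services") or []:
            if s not in services:
                errors.append(f"{name}[{i}]: unknown service {s!r} (no definition in /usr/lib/firewalld/services/)")
    return errors


def check_interfaces(entries):
    """Validate firewalld_interfaces: an interface may be 'present' in only one zone."""
    errors, owner = [], {}
    for i, e in enumerate(entries or []):
        unknown = set(e) - {"zone", "interfaces", "state"}
        if unknown:
            errors.append(f"firewalld_interfaces[{i}]: unknown keys {sorted(unknown)} (did you mean 'interfaces'?)")
        if not e.get("zone"):
            errors.append(f"firewalld_interfaces[{i}]: zone is mandatory")
        state = e.get("state", "present")  # default taken from the variable table
        if state not in ("present", "absent"):
            errors.append(f"firewalld_interfaces[{i}]: state must be present or absent, got {state!r}")
        if state == "present":
            for ifc in e.get("interfaces") or []:
                if ifc in owner and owner[ifc] != e.get("zone"):
                    errors.append(f"interface {ifc!r} listed in zones {owner[ifc]!r} and {e.get('zone')!r}; "
                                  "an interface can belong to only one zone")
                owner[ifc] = e.get("zone")
    return errors


def validate(role_vars, services=AVAILABLE_SERVICES):
    """Return a list of error strings; empty means the variables are consistent."""
    errors = check_rule_entries(role_vars.get("firewalld_rules_add"), "firewalld_rules_add", services)
    errors += check_rule_entries(role_vars.get("firewalld_rules_remove"), "firewalld_rules_remove", services)
    errors += check_interfaces(role_vars.get("firewalld_interfaces"))
    # Adding and removing the same port/service in the same zone in one run is contradictory.
    def items(key):
        return {(e.get("zone"), x) for e in role_vars.get(key) or []
                for x in (e.get("ports") or []) + (e.get("services") or [])}
    for zone, item in sorted(items("firewalld_rules_add") & items("firewalld_rules_remove"), key=str):
        errors.append(f"{item!r} is both added and removed in zone {zone!r}")
    return errors


def plan(role_vars):
    """Equivalent firewall-cmd --permanent commands, for review only (illustration, not the role's tasks)."""
    cmds = []
    for e in role_vars.get("firewalld_interfaces") or []:
        flag = "--change-interface" if e.get("state", "present") == "present" else "--remove-interface"
        for ifc in e.get("interfaces") or []:
            cmds.append(f"firewall-cmd --permanent --zone={e.get('zone')} {flag}={ifc}")
    for key, verb in (("firewalld_rules_add", "add"), ("firewalld_rules_remove", "remove")):
        for e in role_vars.get(key) or []:
            for s in e.get("services") or []:
                cmds.append(f"firewall-cmd --permanent --zone={e.get('zone')} --{verb}-service={s}")
            for p in e.get("ports") or []:
                cmds.append(f"firewall-cmd --permanent --zone={e.get('zone')} --{verb}-port={p}")
    if cmds:
        cmds.append("firewall-cmd --reload")  # permanent changes take effect only after a reload
    return cmds


# Constructed sample inputs: a consistent set and one with the typical mistakes.
GOOD_VARS = {
    "firewalld_rules_add": [
        {"zone": "public", "services": ["http", "https"]},
        {"zone": "external", "ports": ["9200/tcp"], "services": ["http"]},
    ],
    "firewalld_interfaces": [{"zone": "external", "interfaces": ["eth1"]}],
}
BAD_VARS = {
    "firewalld_rules_add": [
        {"zone": "public", "ports": ["9200/tcp", "9200", "70000/tcp"], "services": ["htpp"]},
        {"ports": ["22/tcp"]},
    ],
    "firewalld_rules_remove": [{"zone": "public", "ports": ["9200/tcp"]}],
    "firewalld_interfaces": [
        {"zone": "external", "intefaces": ["eth1"]},
        {"zone": "public", "interfaces": ["eth1"]},
        {"zone": "dmz", "interfaces": ["eth1"]},
    ],
}

if __name__ == "__main__":
    for label, v in (("GOOD_VARS", GOOD_VARS), ("BAD_VARS", BAD_VARS)):
        errs = validate(v)
        print(f"{label}: {len(errs)} error(s)")
        for err in errs:
            print("  -", err)
        if not errs:
            print("\n".join("  " + c for c in plan(v)))
```

Run it against the variables you intend to pass to the role (load them from the playbook or group_vars with PyYAML and replace `GOOD_VARS`), and feed it the real service catalogue by listing /usr/lib/firewalld/services/ on the target. Wire `validate` into CI so a play with contradictory or unreachable rules fails before it touches a host.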

License

BSD

Author Information
