firewalld: Manage arbitrary ports/services with firewalld
ansible.builtin.firewalld (v2.3.3.0-1), module
Added in version 1.4 of ansible.builtin
Authors: Adam Miller (@maxamillion)
Status: preview, supported by community
Install with pip install ansible==2.3.3.0.post1
This module allows for addition or deletion of services and ports (either TCP or UDP) in either running or permanent firewalld rules.
- firewalld:
    service: https
    permanent: true
    state: enabled

- firewalld:
    port: 8081/tcp
    permanent: true
    state: disabled

- firewalld:
    port: 161-162/udp
    permanent: true
    state: enabled

- firewalld:
    zone: dmz
    service: http
    permanent: true
    state: enabled

- firewalld:
    rich_rule: 'rule service name="ftp" audit limit value="1/m" accept'
    permanent: true
    state: enabled

- firewalld:
    source: 192.0.2.0/24
    zone: internal
    state: enabled

- firewalld:
    zone: trusted
    interface: eth2
    permanent: true
    state: enabled

- firewalld:
    masquerade: yes
    state: enabled
    permanent: true
    zone: dmz
port:
  default: null
  description:
    - Name of a port or port range to add/remove to/from firewalld. Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges.
  required: false

zone:
  choices:
    - work
    - drop
    - internal
    - external
    - trusted
    - home
    - dmz
    - public
    - block
  default: system-default(public)
  description:
    - 'The firewalld zone to add/remove to/from (NOTE: default zone can be configured per system but "public" is default from upstream. Available choices can be extended based on per-system configs, listed here are "out of the box" defaults).'
  required: false

state:
  choices:
    - enabled
    - disabled
  description:
    - Should this port accept(enabled) or reject(disabled) connections.
  required: true

source:
  default: null
  description:
    - The source/network you would like to add/remove to/from firewalld
  required: false
  version_added: '2.0'
  version_added_collection: ansible.builtin

service:
  default: null
  description:
    - Name of a service to add/remove to/from firewalld - service must be listed in output of firewall-cmd --get-services.
  required: false

timeout:
  default: 0
  description:
    - The amount of time the rule should be in effect for when non-permanent.
  required: false

immediate:
  default: false
  description:
    - Should this configuration be applied immediately, if set as permanent
  required: false
  version_added: '1.9'
  version_added_collection: ansible.builtin

interface:
  default: null
  description:
    - The interface you would like to add/remove to/from a zone in firewalld
  required: false
  version_added: '2.1'
  version_added_collection: ansible.builtin

permanent:
  default: null
  description:
    - Should this configuration be in the running firewalld configuration or persist across reboots. As of Ansible version 2.3, permanent operations can operate on firewalld configs when it's not running (requires firewalld >= 3.0.9)
  required: false

rich_rule:
  default: null
  description:
    - Rich rule to add/remove to/from firewalld.
  required: false

masquerade:
  default: null
  description:
    - The masquerade setting you would like to enable/disable to/from zones within firewalld
  required: false
  version_added: '2.1'
  version_added_collection: ansible.builtin
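
The module's own examples set permanent but never immediate or timeout. The playbook below is an added example, not part of the module documentation, showing how those three parameters combine; the host group webservers and port 8443/tcp are constructed values, and the five-minute window is an assumption for illustration.

```yaml
# Added example: runtime vs. permanent firewalld rules.
# "webservers" and 8443/tcp are constructed values.
- hosts: webservers
  become: true
  tasks:
    # permanent alone writes the stored configuration only.
    # Adding immediate also changes the running firewall, so the
    # rule is active now and still present after a reboot.
    - name: Allow HTTPS now and across reboots
      firewalld:
        zone: public
        service: https
        permanent: true
        immediate: true
        state: enabled

    # Closing a port in the permanent config only would leave it
    # open in the running firewall until the next reload, so the
    # removal is applied to both.
    - name: Close 8081/tcp in running and permanent rules
      firewalld:
        zone: public
        port: 8081/tcp
        permanent: true
        immediate: true
        state: disabled

    # Runtime-only rule that expires by itself. timeout applies to
    # non-permanent rules only; firewalld counts it in seconds.
    # immediate is set explicitly so the task does not rely on
    # module defaults.
    - name: Open 8443/tcp for five minutes during maintenance
      firewalld:
        zone: public
        port: 8443/tcp
        permanent: false
        immediate: true
        timeout: 300
        state: enabled
```

Comparing `firewall-cmd --zone=public --list-all` with the same command plus `--permanent` after the run shows whether the running and stored rule sets agree.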