ansible.builtin.win_firewall_rule (v2.9.27) — module

Windows firewall automation

Added in version 2.0 of ansible.builtin

Authors: Artem Zinenko (@ar7z1), Timothy Vandenbrande (@TimothyVandenbrande)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

Allows you to create/remove/update firewall rules.

Usage examples

- name: Firewall rule to allow SMTP on TCP port 25
  win_firewall_rule:
    name: SMTP
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes
- name: Firewall rule to allow RDP on TCP port 3389
  win_firewall_rule:
    name: Remote Desktop
    localport: 3389
    action: allow
    direction: in
    protocol: tcp
    profiles: private
    state: present
    enabled: yes
- name: Firewall rule to be created for application group
  win_firewall_rule:
    name: SMTP
    group: application
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes
- name: Firewall rule to allow port range
  win_firewall_rule:
    name: Sample port range
    localport: 5000-5010
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes
- name: Firewall rule to allow ICMP v4 (ping)
  win_firewall_rule:
    name: ICMP Allow incoming V4 echo request
    enabled: yes
    state: present
    profiles: private
    action: allow
    direction: in
    protocol: icmpv4
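
Added example (not part of the module's own documentation): the RDP rule above leaves remoteip and service at their default of any, so port 3389 is reachable from every remote address on the private profile. The play below uses only parameters listed under Inputs to create a scoped rule and then remove the broad one. The inventory group windows, the rule name, the subnet 10.0.10.0/24, the domain profile and the service name TermService are assumptions chosen for illustration.

```yaml
# Added example, not from the module documentation.
# Constructed values: inventory group "windows", subnet 10.0.10.0/24,
# the scoped rule's name, the domain profile and the TermService service name.
- name: Scope inbound RDP instead of relying on the "any" defaults
  hosts: windows
  gather_facts: no
  tasks:
    # Create the narrow rule first so RDP access is not interrupted.
    - name: Allow RDP only from the management subnet on the domain profile
      win_firewall_rule:
        name: "Remote Desktop (management subnet)"
        description: "Inbound RDP restricted by source address, profile and service"
        localport: 3389
        protocol: tcp            # localport requires protocol to be set
        direction: in
        action: allow
        remoteip: 10.0.10.0/24   # default is any (all remote addresses)
        profiles: domain         # default is domain,private,public
        service: TermService     # default is any (all services)
        state: present
        enabled: yes

    # Then remove the rule from the earlier example that accepts any source.
    - name: Remove the unscoped RDP rule
      win_firewall_rule:
        name: Remote Desktop
        state: absent
```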

Inputs

    
name:
    description:
    - The rule's display name.
    required: true
    type: str

group:
    description:
    - The group name for the rule.
    type: str
    version_added: '2.9'
    version_added_collection: ansible.builtin

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Should this rule be added or removed.
    type: str

action:
    choices:
    - allow
    - block
    description:
    - Whether traffic matching this rule is allowed or blocked.
    - Defaults to C(allow) when creating a new rule.
    type: str

enabled:
    aliases:
    - enable
    description:
    - Whether this firewall rule is enabled or disabled.
    - Defaults to C(true) when creating a new rule.
    type: bool

localip:
    description:
    - The local IP address this rule applies to.
    - Set to C(any) to apply to all local IP addresses.
    - Defaults to C(any) when creating a new rule.
    type: str

program:
    description:
    - The program this rule applies to.
    - Set to C(any) to apply to all programs.
    - Defaults to C(any) when creating a new rule.
    type: str

service:
    description:
    - The service this rule applies to.
    - Set to C(any) to apply to all services.
    - Defaults to C(any) when creating a new rule.
    type: str

profiles:
    aliases:
    - profile
    description:
    - The profile this rule applies to.
    - Defaults to C(domain,private,public) when creating a new rule.
    type: list

protocol:
    description:
    - The protocol this rule applies to.
    - Set to C(any) to apply to all protocols.
    - Defaults to C(any) when creating a new rule.
    type: str

remoteip:
    description:
    - The remote IP address/range this rule applies to.
    - Set to C(any) to apply to all remote IP addresses.
    - Defaults to C(any) when creating a new rule.
    type: str

direction:
    choices:
    - in
    - out
    description:
    - Whether this rule is for inbound or outbound traffic.
    - Defaults to C(in) when creating a new rule.
    type: str

localport:
    description:
    - The local port this rule applies to.
    - Set to C(any) to apply to all local ports.
    - Defaults to C(any) when creating a new rule.
    - Must have I(protocol) set.
    type: str

remoteport:
    description:
    - The remote port this rule applies to.
    - Set to C(any) to apply to all remote ports.
    - Defaults to C(any) when creating a new rule.
    - Must have I(protocol) set.
    type: str

description:
    description:
    - Description for the firewall rule.
    type: str

See also