community.general.firewalld (community.general 0.1.4) module: Manage arbitrary ports/services with firewalld
Authors: Adam Miller (@maxamillion)

Install with: ansible-galaxy collection install community.general:==0.1.4

To pin the collection in a requirements.yml:

```yaml
collections:
  - name: community.general
    version: 0.1.4
```
This module allows for addition or deletion of services and ports (either TCP or UDP) in either running or permanent firewalld rules.
Examples:

```yaml
- firewalld:
    service: https
    permanent: yes
    state: enabled

- firewalld:
    port: 8081/tcp
    permanent: yes
    state: disabled

- firewalld:
    port: 161-162/udp
    permanent: yes
    state: enabled

- firewalld:
    zone: dmz
    service: http
    permanent: yes
    state: enabled

- firewalld:
    rich_rule: rule service name="ftp" audit limit value="1/m" accept
    permanent: yes
    state: enabled

- firewalld:
    source: 192.0.2.0/24
    zone: internal
    state: enabled

- firewalld:
    zone: trusted
    interface: eth2
    permanent: yes
    state: enabled

- firewalld:
    masquerade: yes
    state: enabled
    permanent: yes
    zone: dmz

- firewalld:
    zone: custom
    state: present
    permanent: yes

- firewalld:
    zone: drop
    state: enabled
    permanent: yes
    icmp_block_inversion: yes

- firewalld:
    zone: drop
    state: enabled
    permanent: yes
    icmp_block: echo-request

- name: Redirect port 443 to 8443 with Rich Rule
  firewalld:
    rich_rule: rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443
    zone: public
    permanent: yes
    immediate: yes
    state: enabled
```
Parameters:

- port (str): Name of a port or port range to add/remove to/from firewalld. Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges.
- zone (str): The firewalld zone to add/remove to/from. Note that the default zone can be configured per system, but C(public) is the default from upstream. Available choices can be extended based on per-system configs; listed here are the "out of the box" defaults. Possible values include C(block), C(dmz), C(drop), C(external), C(home), C(internal), C(public), C(trusted), C(work).
- state (str, required; choices: absent, disabled, enabled, present): Enable or disable a setting. For ports: should this port accept (enabled) or reject (disabled) connections. The states C(present) and C(absent) can only be used in zone-level operations (i.e. when no parameters other than zone and state are set).
- source (str): The source/network you would like to add/remove to/from firewalld.
- offline (bool): Whether to run this module even when firewalld is offline.
- service (str): Name of a service to add/remove to/from firewalld. The service must be listed in the output of firewall-cmd --get-services.
- timeout (int, default 0): The amount of time the rule should be in effect for when non-permanent.
- immediate (bool, default false): Should this configuration be applied immediately, if set as permanent.
- interface (str): The interface you would like to add/remove to/from a zone in firewalld.
- permanent (bool): Should this configuration be in the running firewalld configuration or persist across reboots. As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld >= 3.0.9). Note that if this is C(no), immediate is assumed C(yes).
- rich_rule (str): Rich rule to add/remove to/from firewalld.
- icmp_block (str): The ICMP block you would like to add/remove to/from a zone in firewalld.
- masquerade (str): The masquerade setting you would like to enable/disable to/from zones within firewalld.
- icmp_block_inversion (str): Enable/disable inversion of ICMP blocks for a zone in firewalld.
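The parameter rules above (port syntax, zone-only states, and how permanent, immediate and timeout interact) are easy to get wrong in a playbook and only surface at run time. The following pre-flight linter is an added example, not code from the module or the collection; it checks a task's argument dict against the rules documented on this page, and the key names it expects are the module's option names.

```python
import re

# Constructed helper (not part of community.general.firewalld): validates a
# firewalld task's arguments against the rules this module documents.
PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?/(tcp|udp)$")
STATES = ("absent", "disabled", "enabled", "present")
SETTINGS = {"port", "service", "source", "interface", "rich_rule",
            "masquerade", "icmp_block", "icmp_block_inversion"}


def parse_port(spec):
    """Return (low, high, proto) for PORT/PROTOCOL or PORT-PORT/PROTOCOL."""
    m = PORT_RE.match(spec)
    if not m:
        raise ValueError(f"port must be PORT/PROTOCOL or PORT-PORT/PROTOCOL: {spec!r}")
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"invalid port or range: {spec!r}")
    return low, high, m.group(3)


def lint_task(args):
    """Return a list of findings for one firewalld task; empty means consistent."""
    findings = []
    state = args.get("state")
    if state not in STATES:
        findings.append("state is required: absent, disabled, enabled or present")
    used = SETTINGS & set(args)
    # present/absent are zone-level only: zone plus state, nothing else.
    if state in ("present", "absent") and ("zone" not in args or used):
        findings.append("present/absent are zone-level: set zone and no other setting")
    if "port" in args:
        try:
            parse_port(args["port"])
        except ValueError as err:
            findings.append(str(err))
    permanent = bool(args.get("permanent", False))
    immediate = bool(args.get("immediate", False))
    # With permanent=no, immediate is assumed yes; with permanent=yes the running
    # configuration is only changed when immediate=yes as well.
    if permanent and not immediate:
        findings.append("permanent-only change: running firewall unchanged until reload")
    # timeout is documented as applying to non-permanent rules only.
    if permanent and args.get("timeout", 0):
        findings.append("timeout applies only to non-permanent rules")
    return findings


if __name__ == "__main__":
    print(lint_task({"port": "8081/tcp", "permanent": True, "state": "disabled"}))
```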