community.windows.win_firewall_rule (2.2.0) — module

Windows firewall automation

Authors: Artem Zinenko (@ar7z1), Timothy Vandenbrande (@TimothyVandenbrande)

Install collection

Install with:

  ansible-galaxy collection install community.windows:==2.2.0


Add to requirements.yml

  collections:
    - name: community.windows
      version: 2.2.0

Description

Allows you to create/remove/update firewall rules.

Usage examples

- name: Firewall rule to allow SMTP on TCP port 25
  community.windows.win_firewall_rule:
    name: SMTP
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes
- name: Firewall rule to allow RDP on TCP port 3389
  community.windows.win_firewall_rule:
    name: Remote Desktop
    localport: 3389
    action: allow
    direction: in
    protocol: tcp
    profiles: private
    state: present
    enabled: yes
- name: Firewall rule to be created for application group
  community.windows.win_firewall_rule:
    name: SMTP
    group: application
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes
- name: Enable all the Firewall rules in application group
  community.windows.win_firewall_rule:
    group: application
    enabled: yes
- name: Firewall rule to allow port range
  community.windows.win_firewall_rule:
    name: Sample port range
    localport: 5000-5010
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes
- name: Firewall rule to allow ICMP v4 echo (ping)
  community.windows.win_firewall_rule:
    name: ICMP Allow incoming V4 echo request
    enabled: yes
    state: present
    profiles: private
    action: allow
    direction: in
    protocol: icmpv4
    icmp_type_code:
    - '8:*'
- name: Firewall rule to allow ICMP v4 on all type codes
  community.windows.win_firewall_rule:
    name: ICMP Allow incoming V4 echo request
    enabled: yes
    state: present
    profiles: private
    action: allow
    direction: in
    protocol: icmpv4
    icmp_type_code: '*'

Inputs

    
name:
    description:
    - The rule's display name.
    - This is required unless I(group) is specified.
    type: str

group:
    description:
    - The group name for the rule.
    - If I(name) is not specified then the module will set the firewall options for all
      the rules in this group.
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Should this rule be added or removed.
    type: str

action:
    choices:
    - allow
    - block
    description:
    - What to do with the items this rule is for.
    - Defaults to C(allow) when creating a new rule.
    type: str

enabled:
    aliases:
    - enable
    description:
    - Whether this firewall rule is enabled or disabled.
    - Defaults to C(true) when creating a new rule.
    type: bool

localip:
    description:
    - The local ip address this rule applies to.
    - Set to C(any) to apply to all local ip addresses.
    - Defaults to C(any) when creating a new rule.
    type: str

program:
    description:
    - The program this rule applies to.
    - Set to C(any) to apply to all programs.
    - Defaults to C(any) when creating a new rule.
    type: str

service:
    description:
    - The service this rule applies to.
    - Set to C(any) to apply to all services.
    - Defaults to C(any) when creating a new rule.
    type: str

profiles:
    aliases:
    - profile
    description:
    - The profile this rule applies to.
    - Defaults to C(domain,private,public) when creating a new rule.
    elements: str
    type: list

protocol:
    description:
    - The protocol this rule applies to.
    - Set to C(any) to apply to all protocols.
    - Defaults to C(any) when creating a new rule.
    type: str

remoteip:
    description:
    - The remote ip address/range this rule applies to.
    - Set to C(any) to apply to all remote ip addresses.
    - Defaults to C(any) when creating a new rule.
    type: str

direction:
    choices:
    - in
    - out
    description:
    - Whether this rule is for inbound or outbound traffic.
    - Defaults to C(in) when creating a new rule.
    type: str

localport:
    description:
    - The local port this rule applies to.
    - Set to C(any) to apply to all local ports.
    - Defaults to C(any) when creating a new rule.
    - Must have I(protocol) set.
    type: str

remoteport:
    description:
    - The remote port this rule applies to.
    - Set to C(any) to apply to all remote ports.
    - Defaults to C(any) when creating a new rule.
    - Must have I(protocol) set.
    type: str

description:
    description:
    - Description for the firewall rule.
    type: str

icmp_type_code:
    description:
    - The ICMP types and codes for the rule.
    - This is only valid when I(protocol) is C(icmpv4) or C(icmpv6).
    - Each entry follows the format C(type:code) where C(type) is the type number and
      C(code) is the code number for that type or C(*) for all codes.
    - Set the value to just C(*) to apply the rule for all ICMP type codes.
    - See U(https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) for
      a list of ICMP types and the codes that apply to them.
    elements: str
    type: list
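
The creation defaults listed above (remoteip C(any), profiles C(domain,private,public)) mean an allow rule that omits those options is reachable from any address on every profile. The play below is an added example, not part of the module documentation; it shows the unscoped RDP rule beside a scoped one, and the inventory group, rule group name, rule names and the 192.0.2.0/24 subnet are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumptions: inventory group "windows", rule group "remote-admin", and
# 192.0.2.0/24 (a documentation range) standing in for the admin network.
- name: Scope inbound RDP instead of relying on creation defaults
  hosts: windows
  gather_facts: false
  vars:
    mgmt_subnet: 192.0.2.0/24
  tasks:
    # Weak form, for comparison only. remoteip and profiles are omitted, so a
    # new rule is created with remoteip=any and profiles=domain,private,public.
    # - name: Firewall rule to allow RDP on TCP port 3389
    #   community.windows.win_firewall_rule:
    #     name: Remote Desktop
    #     localport: 3389
    #     action: allow
    #     direction: in
    #     protocol: tcp
    #     state: present
    #     enabled: yes

    - name: Allow RDP only from the management subnet on the domain profile
      community.windows.win_firewall_rule:
        name: Remote Desktop (mgmt only)
        description: Inbound RDP restricted to the management subnet
        group: remote-admin
        localport: 3389
        protocol: tcp
        direction: in
        action: allow
        remoteip: "{{ mgmt_subnet }}"
        profiles:
          - domain
        state: present
        enabled: true

    - name: Remove the unscoped RDP rule if an earlier run created it
      community.windows.win_firewall_rule:
        name: Remote Desktop
        state: absent
```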

See also