community.windows.win_firewall_rule (2.2.0) — module

Windows firewall automation

Authors: Artem Zinenko (@ar7z1), Timothy Vandenbrande (@TimothyVandenbrande)
Install with ansible-galaxy collection install community.windows:==2.2.0

collections:
  - name: community.windows
    version: 2.2.0

Allows you to create/remove/update firewall rules.

- name: Firewall rule to allow SMTP on TCP port 25
  community.windows.win_firewall_rule:
    name: SMTP
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow RDP on TCP port 3389
  community.windows.win_firewall_rule:
    name: Remote Desktop
    localport: 3389
    action: allow
    direction: in
    protocol: tcp
    profiles: private
    state: present
    enabled: yes

- name: Firewall rule to be created for application group
  community.windows.win_firewall_rule:
    name: SMTP
    group: application
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Enable all the Firewall rules in application group
  win_firewall_rule:
    group: application
    enabled: yes

- name: Firewall rule to allow port range
  community.windows.win_firewall_rule:
    name: Sample port range
    localport: 5000-5010
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow ICMP v4 echo (ping)
  community.windows.win_firewall_rule:
    name: ICMP Allow incoming V4 echo request
    enabled: yes
    state: present
    profiles: private
    action: allow
    direction: in
    protocol: icmpv4
    icmp_type_code:
      - '8:*'

- name: Firewall rule to allow ICMP v4 on all type codes
  community.windows.win_firewall_rule:
    name: ICMP Allow incoming V4 echo request
    enabled: yes
    state: present
    profiles: private
    action: allow
    direction: in
    protocol: icmpv4
    icmp_type_code: '*'

name:
  description:
    - The rule's display name.
    - This is required unless I(group) is specified.
  type: str
group:
  description:
    - The group name for the rule.
    - If I(name) is not specified then the module will set the firewall options for all the rules in this group.
  type: str
state:
  choices:
    - absent
    - present
  default: present
  description:
    - Should this rule be added or removed.
  type: str
action:
  choices:
    - allow
    - block
  description:
    - What to do with the items this rule is for.
    - Defaults to C(allow) when creating a new rule.
  type: str
enabled:
  aliases:
    - enable
  description:
    - Whether this firewall rule is enabled or disabled.
    - Defaults to C(true) when creating a new rule.
  type: bool
localip:
  description:
    - The local ip address this rule applies to.
    - Set to C(any) to apply to all local ip addresses.
    - Defaults to C(any) when creating a new rule.
  type: str
program:
  description:
    - The program this rule applies to.
    - Set to C(any) to apply to all programs.
    - Defaults to C(any) when creating a new rule.
  type: str
service:
  description:
    - The service this rule applies to.
    - Set to C(any) to apply to all services.
    - Defaults to C(any) when creating a new rule.
  type: str
profiles:
  aliases:
    - profile
  description:
    - The profile this rule applies to.
    - Defaults to C(domain,private,public) when creating a new rule.
  elements: str
  type: list
protocol:
  description:
    - The protocol this rule applies to.
    - Set to C(any) to apply to all protocols.
    - Defaults to C(any) when creating a new rule.
  type: str
remoteip:
  description:
    - The remote ip address/range this rule applies to.
    - Set to C(any) to apply to all remote ip addresses.
    - Defaults to C(any) when creating a new rule.
  type: str
direction:
  choices:
    - in
    - out
  description:
    - Whether this rule is for inbound or outbound traffic.
    - Defaults to C(in) when creating a new rule.
  type: str
localport:
  description:
    - The local port this rule applies to.
    - Set to C(any) to apply to all local ports.
    - Defaults to C(any) when creating a new rule.
    - Must have I(protocol) set.
  type: str
remoteport:
  description:
    - The remote port this rule applies to.
    - Set to C(any) to apply to all remote ports.
    - Defaults to C(any) when creating a new rule.
    - Must have I(protocol) set.
  type: str
description:
  description:
    - Description for the firewall rule.
  type: str
icmp_type_code:
  description:
    - The ICMP types and codes for the rule.
    - This is only valid when I(protocol) is C(icmpv4) or C(icmpv6).
    - Each entry follows the format C(type:code) where C(type) is the type number and C(code) is the code number for that type or C(*) for all codes.
    - Set the value to just C(*) to apply the rule for all ICMP type codes.
    - See U(https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) for a list of ICMP types and the codes that apply to them.
  elements: str
  type: list
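
An added example, not part of the module's own documentation: because remoteip defaults to any and profiles to domain,private,public on a new rule, the play below sets both explicitly for the RDP and ICMP echo rules and removes the unscoped RDP rule shown earlier. The host group "windows", the variable mgmt_subnet with its constructed 192.0.2.0/24 value, the rule names and the group name "remote-admin" are assumptions.

```yaml
- name: Scope administrative firewall rules to a management subnet
  hosts: windows                      # assumed inventory group
  vars:
    mgmt_subnet: 192.0.2.0/24         # constructed value (documentation range)
  tasks:
    - name: Allow RDP only from the management subnet on the domain profile
      community.windows.win_firewall_rule:
        name: Remote Desktop (management only)   # hypothetical rule name
        group: remote-admin                      # hypothetical group name
        description: RDP restricted to the management subnet
        localport: 3389
        protocol: tcp                 # localport requires protocol to be set
        direction: in
        action: allow
        remoteip: "{{ mgmt_subnet }}" # omitted, this defaults to any on a new rule
        profiles:                     # omitted, this defaults to domain,private,public
          - domain
        state: present
        enabled: yes

    - name: Allow ICMP v4 echo request only from the management subnet
      community.windows.win_firewall_rule:
        name: ICMP echo request (management only) # hypothetical rule name
        group: remote-admin
        protocol: icmpv4
        icmp_type_code:
          - '8:*'                     # type 8 (echo request), all codes
        direction: in
        action: allow
        remoteip: "{{ mgmt_subnet }}"
        profiles:
          - domain
        state: present
        enabled: yes

    - name: Remove the unscoped RDP rule created by the earlier example
      community.windows.win_firewall_rule:
        name: Remote Desktop
        localport: 3389
        protocol: tcp
        direction: in
        action: allow
        profiles: private
        state: absent
```

Running the play a second time should report no changes for the two scoped rules, which makes it usable as a drift check when run with --check.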