---
# Configure the system firewall
#
- name: Checking firewall state
  # Read-only snapshot of the current firewall settings. The result is
  # registered as fw_state so the tasks below can inspect fw_state.stdout.
  become: true
  # Querying state never modifies the host, so never report "changed".
  changed_when: false
  register: fw_state
  command:
    argv:
      - /usr/libexec/ApplicationFirewall/socketfilterfw
      - --getglobalstate
      - --getblockall
      - --listapps
      - --getallowsigned
      - --getstealthmode
      - --getloggingmode
      - --getloggingopt
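- name: Activating firewall
  # Guarded by the earlier state snapshot: only runs while the firewall is
  # reported disabled, so a second play run leaves this task unchanged.
  command:
    argv:
      - /usr/libexec/ApplicationFirewall/socketfilterfw
      - --setglobalstate
      - "on"  # quoted on purpose: a bare `on` is parsed as boolean true
  when: "'Firewall is disabled' in fw_state.stdout"
  # Canonical boolean (was `yes`), matching every other task in this file.
  become: true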
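- name: Changing firewall block all mode to {{ firewall_blockall }}
  # The argv form hands the templated value to the binary as one argument
  # with no shell in between, so the variable is not subject to shell
  # interpolation. No `when`/`changed_when` guard is active, so this task
  # always runs and always reports "changed".
  command:
    argv:
      - /usr/libexec/ApplicationFirewall/socketfilterfw
      - --setblockall
      - "{{ firewall_blockall }}"
  # Original guard, kept disabled: it matched a fixed "block all is on"
  # string, which cannot act as an idempotency check for both on and off
  # values of firewall_blockall.
  # when: "'Firewall is set to block all non-essential incoming connections' in fw_state.stdout"
  become: true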
- name: Changing firewall incoming connection for signed built-in software to {{ firewall_allowsigned }}
  become: true
  # Always applied: the state-based guard below is commented out, so the
  # task runs on every play and is reported as changed each time.
  # when: "'Automatically allow signed built-in software ENABLED' in fw_state.stdout"
  command:
    argv:
      # argv keeps the templated value a single argument; no shell is involved.
      - /usr/libexec/ApplicationFirewall/socketfilterfw
      - --setallowsigned
      - "{{ firewall_allowsigned }}"
- name: Changing firewall incoming connection for signed application to {{ firewall_allowsignedapp }}
  become: true
  # Always applied: the state-based guard below is commented out, so the
  # task runs on every play and is reported as changed each time.
  # when: "'Automatically allow downloaded signed software ENABLED' in fw_state.stdout"
  command:
    argv:
      # argv keeps the templated value a single argument; no shell is involved.
      - /usr/libexec/ApplicationFirewall/socketfilterfw
      - --setallowsignedapp
      - "{{ firewall_allowsignedapp }}"
- name: Changing firewall stealth mode to {{ firewall_stealthmode }}
  become: true
  # Always applied: the state-based guard below is commented out, so the
  # task runs on every play and is reported as changed each time.
  # when: "'Stealth mode disabled' in fw_state.stdout"
  command:
    argv:
      # argv keeps the templated value a single argument; no shell is involved.
      - /usr/libexec/ApplicationFirewall/socketfilterfw
      - --setstealthmode
      - "{{ firewall_stealthmode }}"
- name: Checking firewall state
  # Second read-only snapshot, taken after the set-* tasks above, so the
  # final debug task can show the resulting configuration. Overwrites the
  # earlier fw_state registration. Logging mode/options are only read here;
  # nothing in this file changes them.
  become: true
  changed_when: false
  register: fw_state
  command:
    argv:
      - /usr/libexec/ApplicationFirewall/socketfilterfw
      - --getglobalstate
      - --getblockall
      - --listapps
      - --getallowsigned
      - --getstealthmode
      - --getloggingmode
      - --getloggingopt
- name: Printing firewall configuration
  # Echo the post-change snapshot registered by the preceding task.
  debug:
    msg: "{{ fw_state.stdout }}"