Manage firewall ports on all (known) Linux operating systems.
This example is taken from molecule/default/converge.yml and is tested on each push, pull request and release.

```yaml
---
- name: Converge
  hosts: all
  become: yes
  gather_facts: yes

  roles:
    - role: robertdebock.firewall
```
The machine needs to be prepared. In CI this is done using molecule/default/prepare.yml:

```yaml
---
- name: Prepare
  hosts: all
  gather_facts: no
  become: yes

  roles:
    - role: robertdebock.bootstrap
```
Also see a full explanation and example on how to use these roles.
The default values for the variables are set in defaults/main.yml:

```yaml
---
# defaults file for firewall

# If you don't specify a protocol in `firewall_services`, fall back to this.
firewall_default_protocol: tcp

# If you don't specify a rule in `firewall_services`, fall back to this.
firewall_default_rule: allow

# A list of services to allow traffic to.
firewall_services:
  - name: ssh

# A bit more difficult example:
# firewall_services:
#   - name: ssh
#   - name: https
#   - name: 5353
#     protocol: udp
#   - name: 1234
#     protocol: tcp
#   - name: 1337
#     state: absent

# A list of interfaces you would like to add/remove to/from a zone in firewalld.
# firewall_interfaces: []
# examples:
# firewall_interfaces:
#   - interface: eth0
#     zone: trusted
#   - type: bond
#     interface: bond0
#     zone: trusted
#   - interface: ens0
#     zone: trusted
#     state: disabled
```
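A small pre-flight check for the variables above, added here as an example and not part of the role: it fills in `firewall_default_protocol` and `firewall_default_rule` the way the comments describe and flags entries the role would not understand (unknown protocol or state, port out of range, the same name/protocol listed twice). The per-entry `rule` key and the implicit `state: present` are assumptions read from those comments.

```python
# Added pre-flight check for robertdebock.firewall variables (example, not the role's own code).
# Defaulting mirrors defaults/main.yml; the per-entry `rule` key and implicit `state: present` are assumed.
VALID_PROTOCOLS = {"tcp", "udp"}
VALID_STATES = {"present", "absent"}
SAMPLE_VARS = {  # constructed sample, shaped like the "bit more difficult example" in defaults/main.yml
    "firewall_default_protocol": "tcp",
    "firewall_default_rule": "allow",
    "firewall_services": [
        {"name": "ssh"},
        {"name": "https"},
        {"name": 5353, "protocol": "udp"},
        {"name": 1234, "protocol": "tcp"},
        {"name": 1337, "state": "absent"},
    ],
}

def effective_rules(variables):
    """Return one fully specified rule per service, filling in the role's defaults."""
    proto = variables.get("firewall_default_protocol", "tcp")
    rule = variables.get("firewall_default_rule", "allow")
    rules = []
    for svc in variables.get("firewall_services", []):
        rules.append({
            "name": str(svc["name"]),  # a service name or a port number
            "protocol": svc.get("protocol", proto),
            "rule": svc.get("rule", rule),
            "state": svc.get("state", "present"),
        })
    return rules

def lint_rules(rules):
    """Return human-readable problems; an empty list means the variables look sane."""
    problems, seen = [], set()
    for r in rules:
        if r["protocol"] not in VALID_PROTOCOLS:
            problems.append(f"{r['name']}: unknown protocol {r['protocol']!r}")
        if r["state"] not in VALID_STATES:
            problems.append(f"{r['name']}: unknown state {r['state']!r}")
        if r["name"].isdigit() and not 0 < int(r["name"]) < 65536:
            problems.append(f"{r['name']}: port out of range")
        key = (r["name"], r["protocol"])  # same name twice (e.g. allow and absent) is ambiguous
        if key in seen:
            problems.append(f"{r['name']}/{r['protocol']}: listed more than once")
        seen.add(key)
    return problems

if __name__ == "__main__":
    print(lint_rules(effective_rules(SAMPLE_VARS)) or "no problems found")
```

Run it against the `vars` you intend to pass to the role before the play; the sample data produces an empty problem list.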
- pip packages listed in requirements.txt.
- The feature "add a selected interface to a selected zone" (`firewall_interfaces`) is only supported on operating systems that ship firewalld as the default firewall software. For details see the manpage firewalld.zones(5), "How to set or change a zone for a connection?". The feature is only usable when the interface is managed by NetworkManager: the Suse os-family needs to switch from wicked to NetworkManager, while the RedHat os-family uses NetworkManager by default. It also requires additional packages; if they are not installed, the tasks for this feature are skipped.
- Known issue: collection `community.general is version('3.3.0', '>=')` combined with `ansible_distribution == 'Fedora' and ansible_distribution_major_version is version('30', '<=')`.
  - Reason: those versions of the collection pulled in new settings, see `routing-rules` in nm-settings.
  - Workaround: use collection `community.general` version 3.2.0, but this introduces different issues. Therefore Fedora <= 30 is not supported.
  - On centos7, fedora29 and rhel7 the idempotence test fails: `CRITICAL Idempotence test failed because of the following tasks: * => ansible-role-firewall : add interface to a zone (networkmanager)`
The following roles are used to prepare a system. You can prepare your system in another way.
Requirement | GitHub | GitLab |
---|---|---|
robertdebock.bootstrap | | |
This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.
Here is an overview of related roles:
This role has been tested on these container images:
container | tags |
---|---|
alpine | all |
el | 7,8 |
debian | all |
fedora | all |
opensuse | all |
ubuntu | all |
The minimum version of Ansible required is 2.10; tests have been run against:
- The previous version.
- The current version.
- The development version.
If you find issues, please register them in GitHub.
Apache-2.0
Please consider sponsoring me.