ansible-role-firewalld
This role allows adding and removing most types of firewalld rules in the default zone. Additionally, there is special handling to define an internal and an external zone, and to assign interfaces and rules to each as needed.
Network Manager
When interfaces are added via oVirt they automatically get a generated connection name. Rename the connection in NetworkManager to avoid problems when the template files are sent:

```shell
nmcli connection modify "Wired connection 1" connection.id enp7s0
```

Retrieve the existing UUID for each desired interface, and set it in the nm template file:

```shell
nmcli connection show
```
Example nm configuration

```yaml
network_type: nm
networks:
  - priority: 10
    template: static
    format: keyfile
    uuid: f86a8i89-b070-502f-8153-60a70a00d623
    interface: enp7
```
Playbook Example

```yaml
- name: Setup rules within the default zone
  hosts: vpn
  become: true
  roles:
    - role: wireguard
    - role: firewalld
      firewalld_masquerade:
        state: enabled
      firewalld_services:
        - mdns
      firewalld_ports:
        - 1025-65535/tcp
        - 1025-65535/udp

- name: Setup Internal and External zones with isolated services
  hosts: public_facing_hosts
  become: true
  roles:
    - role: firewalld
      firewalld_internal: true
      firewalld_internal_services:
        - dhcpv6-client
        - ssh
        - http
        - https
      firewalld_internal_ports:
        - 3001/tcp
      firewalld_external: true
      firewalld_external_services:
        - http
        - https

- name: Setup Internal and External zones with isolated services
  hosts: mx
  become: true
  roles:
    - role: firewalld
      firewalld_internal: true
      firewalld_internal_services:
        - dhcpv6-client
        - ssh
        - http
        - https
        - smtp
        - submission
        - imap
        - imaps
      firewalld_external: true
      firewalld_external_services:
        - smtp
        - submission
        - imap
        - imaps
```
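The playbooks above open a very wide port range in the default zone and expose services on the external zone, which is exactly what a reviewer wants to catch before the play runs. The following policy check is an added example, not part of ansible-role-firewalld: it walks the `firewalld_*` role parameters of each play and reports external-zone services outside an assumed allowlist, port specs wider than an assumed threshold, and masquerading. The plays are constructed inline to mirror the README's playbook.

```python
# Added example: pre-deployment policy check over the firewalld_* role parameters.
# EXTERNAL_ALLOWED and MAX_RANGE are assumptions, not settings of the role.
EXTERNAL_ALLOWED = {"http", "https", "smtp", "submission", "imap", "imaps", "dhcpv6-client"}
MAX_RANGE = 1024  # assumed: port specs covering more ports than this are reported
ZONES = {"default": "firewalld_", "internal": "firewalld_internal_", "external": "firewalld_external_"}


def port_span(spec):
    """Number of ports covered by a firewalld port spec such as '1025-65535/tcp'."""
    ports, sep, proto = spec.partition("/")
    if not sep or proto not in ("tcp", "udp", "sctp", "dccp"):
        raise ValueError(f"bad port spec: {spec!r}")
    lo, _, hi = ports.partition("-")
    lo_n, hi_n = int(lo), int(hi or lo)
    if not 1 <= lo_n <= hi_n <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return hi_n - lo_n + 1


def firewalld_vars(play):
    """Role parameters passed to the firewalld role in the play's roles list."""
    for role in play.get("roles", []):
        if isinstance(role, dict) and role.get("role") == "firewalld":
            return {k: v for k, v in role.items() if k.startswith("firewalld_")}
    return {}


def check_play(play):
    """Return a list of (zone, message) findings for one play."""
    v = firewalld_vars(play)
    findings = []
    if v.get("firewalld_masquerade", {}).get("state") == "enabled":
        findings.append(("default", "masquerade enabled: host will NAT forwarded traffic"))
    for zone, prefix in ZONES.items():
        for svc in v.get(prefix + "services", []):
            if zone == "external" and svc not in EXTERNAL_ALLOWED:
                findings.append((zone, f"service {svc} not allowlisted on external zone"))
        for spec in v.get(prefix + "ports", []):
            if port_span(spec) > MAX_RANGE:
                findings.append((zone, f"port spec {spec} opens {port_span(spec)} ports"))
    return findings


# Constructed plays mirroring the README's vpn and public_facing_hosts plays.
VPN_PLAY = {"hosts": "vpn", "roles": [
    {"role": "wireguard"},
    {"role": "firewalld", "firewalld_masquerade": {"state": "enabled"},
     "firewalld_services": ["mdns"], "firewalld_ports": ["1025-65535/tcp", "1025-65535/udp"]}]}
PUBLIC_PLAY = {"hosts": "public_facing_hosts", "roles": [
    {"role": "firewalld", "firewalld_internal": True,
     "firewalld_internal_services": ["dhcpv6-client", "ssh", "http", "https"],
     "firewalld_internal_ports": ["3001/tcp"],
     "firewalld_external": True, "firewalld_external_services": ["http", "https"]}]}
```

Running `check_play(VPN_PLAY)` yields three findings (masquerade plus the two 64511-port ranges), while the public-facing play produces none because ssh is only on the internal zone.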