mirror of https://github.com/krislamo/vagrant-easyredmine synced 2024-11-12 23:50:34 +00:00
vagrant-easyredmine/roles/easyredmine/tasks/firewall.yml

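# Make sure the firewalld daemon is running now and is started at boot, so
# the rules configured by the rest of this file are actually enforced.
- name: ensure firewalld is started and enabled at boot
  service:
    name: firewalld
    state: started
    enabled: true
  become: true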
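# permanent is set without immediate, so only the on-disk configuration is
# written here; the running firewall is unchanged until firewalld is
# reloaded or restarted, which is what the notify requests.
- name: allow inbound https
  firewalld:
    service: https
    permanent: true
    state: enabled
  become: true
  notify: restart firewalld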
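# NOTE(review): cleartext http is opened alongside https. Presumably this is
# only there to redirect clients to https; confirm the web server does not
# serve the application or its login form over plain http.
- name: allow inbound http
  firewalld:
    service: http
    permanent: true
    state: enabled
  become: true
  notify: restart firewalld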
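# Production only: accept ssh solely from the listed IPv4 source networks.
# The allow-list is written before the generic ssh service is removed from
# the zone, so the permanent configuration never lacks an ssh entry.
#
# The condition uses the bool filter instead of `== True`: a value supplied
# as a string (for example through `-e is_production_vm=true`) does not
# compare equal to True, which would silently skip this hardening.
# NOTE(review): where is_production_vm is defined is not visible here;
# confirm how it is set.
#
# NOTE(review): the rule is family="ipv4" only, so no IPv6 source is
# allow-listed. Two of the ranges are publicly routable and 172.16.0.0/16
# is narrower than the RFC 1918 172.16.0.0/12 block; confirm each entry is
# still intended.
- name: allow ssh only from trusted source networks (production)
  firewalld:
    rich_rule: 'rule service name="ssh" family="ipv4" source address="{{ item }}" accept'
    permanent: true
    state: enabled
  with_items:
    - '128.192.75.0/24'
    - '192.168.0.0/16'
    - '172.16.0.0/16'
    - '128.91.49.0/24'
  become: true
  notify: restart firewalld
  when: is_production_vm | bool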
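# Production only: remove the generic ssh service from the permanent
# configuration, leaving the per-source rich rules as the only way in.
# Like the other permanent changes, this takes effect once firewalld is
# restarted or reloaded.
#
# The bool filter replaces `== True` so that a string value such as "true"
# still enables the restriction instead of skipping it without any error.
- name: remove the generic ssh service (production)
  firewalld:
    service: ssh
    permanent: true
    state: disabled
  become: true
  notify: restart firewalld
  when: is_production_vm | bool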
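# Install the custom icmptype definitions that the icmp-block task later in
# this file refers to by name. The XML sources are looked up relative to the
# role (their content is not visible here).
# Ownership and mode are set explicitly so the result does not depend on the
# umask of the connecting user: firewall definitions should be writable by
# root only.
- name: define new icmp types for timestamp responses
  copy:
    dest: '/etc/firewalld/icmptypes/{{ item }}.xml'
    src: '{{ item }}.xml'
    owner: root
    group: root
    mode: '0644'
  become: true
  with_items:
    - timestamp-reply
    - timestamp-request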
# Reload so firewalld picks up the icmptype files copied into
# /etc/firewalld/icmptypes before they are referenced by name.
# This is a plain command with no condition, so it runs and reports
# "changed" on every play; a reload also replaces the runtime rule set with
# the permanent configuration.
- name: load new icmp types for timestamp responses
  become: true
  command: firewall-cmd --reload
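# Block ICMP timestamp requests and replies in the public zone.
# A bare command task always reports "changed", which would notify the
# restart handler on every run. The result is registered and "changed" is
# reported only when firewall-cmd does not say the block already exists.
# NOTE(review): the ALREADY_ENABLED warning text should be verified against
# the installed firewalld version; if it is absent the task simply reports
# "changed" as it did before.
# Newer releases of the firewalld module offer an icmp_block option that
# could replace this command.
- name: disable icmp timestamp responses
  command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }}
  register: icmp_block_result
  changed_when: >-
    'ALREADY_ENABLED' not in
    (icmp_block_result.stdout + icmp_block_result.stderr)
  become: true
  with_items:
    - timestamp-reply
    - timestamp-request
  notify: restart firewalld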
# This is an ordinary task, not a handler: it has no condition and restarts
# firewalld on every run, applying the permanent configuration written by
# the earlier tasks.
# NOTE(review): the `notify: restart firewalld` entries in this file refer
# to a handler of the same name that is not visible here; if one exists,
# firewalld may be restarted twice in a play that changes rules.
- name: restart firewalld
  become: true
  service:
    name: firewalld
    state: restarted