vagrant-easyredmine/roles/easyredmine/tasks/firewall.yml


- name: manage firewalld service
  service:
    name: firewalld
    state: started
    enabled: yes
  become: yes

- name: enable https in firewalld
  firewalld:
    service: https
    permanent: true
    state: enabled
  become: yes
  notify: restart firewalld

- name: enable http in firewalld
  firewalld:
    service: http
    permanent: true
    state: enabled
  become: yes
  notify: restart firewalld

- name: enable ssh rule in firewalld
  firewalld:
    rich_rule: 'rule service name="ssh" family="ipv4" source address="{{ item }}" accept'
    permanent: true
    state: enabled
  with_items: "{{ firewall_addrs }}"
  become: yes
  notify: restart firewalld
  when: is_production_vm == True

- name: disable ssh service in firewalld
  firewalld:
    service: ssh
    permanent: true
    state: disabled
  become: yes
  notify: restart firewalld
  when: is_production_vm == True

- name: define new icmp types for timestamp responses
  copy:
    dest: '/etc/firewalld/icmptypes/{{ item }}.xml'
    src: '{{ item }}.xml'
  become: yes
  with_items:
    - timestamp-reply
    - timestamp-request

- name: load new icmp types for timestamp responses
  command: firewall-cmd --reload
  become: yes

- name: disable icmp timestamp responses
  command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }}
  become: yes
  with_items:
    - timestamp-reply
    - timestamp-request
  notify: restart firewalld

- name: restart firewalld
  service:
    name: firewalld
    state: restarted
  become: yes
improvements, progess on provisioning 2015-11-18 23:02:49 +00:00
add more task labels 2018-03-20 17:04:30 +00:00			`- name: manage firewalld service`
			`service:`
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`name: firewalld`
			`state: started`
			`enabled: yes`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
improvements, progess on provisioning 2015-11-18 23:02:49 +00:00
add more task labels 2018-03-20 17:04:30 +00:00			`- name: enable https in firewalld`
			`firewalld:`
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`service: https`
			`permanent: true`
			`state: enabled`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
improvements, progess on provisioning 2015-11-18 23:02:49 +00:00			`notify: restart firewalld`

add more task labels 2018-03-20 17:04:30 +00:00			`- name: enable http in firewalld`
			`firewalld:`
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`service: http`
			`permanent: true`
			`state: enabled`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
improvements, progess on provisioning 2015-11-18 23:02:49 +00:00			`notify: restart firewalld`
numerous improvements 2015-11-30 15:08:24 +00:00
add more task labels 2018-03-20 17:04:30 +00:00			`- name: enable ssh rule in firewalld`
			`firewalld:`
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`rich_rule: 'rule service name="ssh" family="ipv4" source address="{{ item }}" accept'`
			`permanent: true`
			`state: enabled`
Variablize new IP ranges 2021-01-29 20:03:40 +00:00			`with_items: "{{ firewall_addrs }}"`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
numerous improvements 2015-11-30 15:08:24 +00:00			`notify: restart firewalld`
allow some firewall rules in vagrant context 2015-12-27 21:20:23 +00:00			`when: is_production_vm == True`
numerous improvements 2015-11-30 15:08:24 +00:00
add more task labels 2018-03-20 17:04:30 +00:00			`- name: disable ssh service in firewalld`
			`firewalld:`
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`service: ssh`
			`permanent: true`
			`state: disabled`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
numerous improvements 2015-11-30 15:08:24 +00:00			`notify: restart firewalld`
allow some firewall rules in vagrant context 2015-12-27 21:20:23 +00:00			`when: is_production_vm == True`
numerous improvements 2015-11-30 15:08:24 +00:00
firewalld block icmp timestamp responses 2016-04-26 15:20:52 +00:00			`- name: define new icmp types for timestamp responses`
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`copy:`
			`dest: '/etc/firewalld/icmptypes/{{ item }}.xml'`
			`src: '{{ item }}.xml'`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
firewalld block icmp timestamp responses 2016-04-26 15:20:52 +00:00			`with_items:`
			`- timestamp-reply`
			`- timestamp-request`

			`- name: load new icmp types for timestamp responses`
			`command: firewall-cmd --reload`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
firewalld block icmp timestamp responses 2016-04-26 15:20:52 +00:00
			`- name: disable icmp timestamp responses`
			`command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }}`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
firewalld block icmp timestamp responses 2016-04-26 15:20:52 +00:00			`with_items:`
			`- timestamp-reply`
			`- timestamp-request`
			`notify: restart firewalld`

numerous improvements 2015-11-30 15:08:24 +00:00			`- name: restart firewalld`
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`service:`
			`name: firewalld`
			`state: restarted`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`