vagrant-easyredmine/roles/easyredmine/tasks/firewall.yml


- service:
    name: firewalld
    state: started
    enabled: yes
  become: yes

- firewalld:
    service: https
    permanent: true
    state: enabled
  become: yes
  notify: restart firewalld

- firewalld:
    service: http
    permanent: true
    state: enabled
  become: yes
  notify: restart firewalld

- firewalld:
    rich_rule: 'rule service name="ssh" family="ipv4" source address="{{ item }}" accept'
    permanent: true
    state: enabled
  with_items:
    - 128.192.75.0/24
    - 192.168.0.0/16
    - 172.16.0.0/16
    - 128.91.49.0/24
  become: yes
  notify: restart firewalld
  when: is_production_vm == True

- firewalld:
    service: ssh
    permanent: true
    state: disabled
  become: yes
  notify: restart firewalld
  when: is_production_vm == True

- name: define new icmp types for timestamp responses
  copy:
    dest: '/etc/firewalld/icmptypes/{{ item }}.xml'
    src: '{{ item }}.xml'
  become: yes
  with_items:
    - timestamp-reply
    - timestamp-request

- name: load new icmp types for timestamp responses
  command: firewall-cmd --reload
  become: yes

- name: disable icmp timestamp responses
  command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }}
  become: yes
  with_items:
    - timestamp-reply
    - timestamp-request
  notify: restart firewalld

- name: restart firewalld
  service:
    name: firewalld
    state: restarted
  become: yes
improvements, progess on provisioning 2015-11-18 23:02:49 +00:00
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`- service:`
			`name: firewalld`
			`state: started`
			`enabled: yes`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
improvements, progess on provisioning 2015-11-18 23:02:49 +00:00
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`- firewalld:`
			`service: https`
			`permanent: true`
			`state: enabled`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
improvements, progess on provisioning 2015-11-18 23:02:49 +00:00			`notify: restart firewalld`

refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`- firewalld:`
			`service: http`
			`permanent: true`
			`state: enabled`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
improvements, progess on provisioning 2015-11-18 23:02:49 +00:00			`notify: restart firewalld`
numerous improvements 2015-11-30 15:08:24 +00:00
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`- firewalld:`
			`rich_rule: 'rule service name="ssh" family="ipv4" source address="{{ item }}" accept'`
			`permanent: true`
			`state: enabled`
numerous improvements 2015-11-30 15:08:24 +00:00			`with_items:`
			`- 128.192.75.0/24`
			`- 192.168.0.0/16`
			`- 172.16.0.0/16`
			`- 128.91.49.0/24`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
numerous improvements 2015-11-30 15:08:24 +00:00			`notify: restart firewalld`
allow some firewall rules in vagrant context 2015-12-27 21:20:23 +00:00			`when: is_production_vm == True`
numerous improvements 2015-11-30 15:08:24 +00:00
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`- firewalld:`
			`service: ssh`
			`permanent: true`
			`state: disabled`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
numerous improvements 2015-11-30 15:08:24 +00:00			`notify: restart firewalld`
allow some firewall rules in vagrant context 2015-12-27 21:20:23 +00:00			`when: is_production_vm == True`
numerous improvements 2015-11-30 15:08:24 +00:00
firewalld block icmp timestamp responses 2016-04-26 15:20:52 +00:00			`- name: define new icmp types for timestamp responses`
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`copy:`
			`dest: '/etc/firewalld/icmptypes/{{ item }}.xml'`
			`src: '{{ item }}.xml'`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
firewalld block icmp timestamp responses 2016-04-26 15:20:52 +00:00			`with_items:`
			`- timestamp-reply`
			`- timestamp-request`

			`- name: load new icmp types for timestamp responses`
			`command: firewall-cmd --reload`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
firewalld block icmp timestamp responses 2016-04-26 15:20:52 +00:00
			`- name: disable icmp timestamp responses`
			`command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }}`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`
firewalld block icmp timestamp responses 2016-04-26 15:20:52 +00:00			`with_items:`
			`- timestamp-reply`
			`- timestamp-request`
			`notify: restart firewalld`

numerous improvements 2015-11-30 15:08:24 +00:00			`- name: restart firewalld`
refactor task syntax to use yaml dictionary instead of key=value 2017-12-21 03:47:20 +00:00			`service:`
			`name: firewalld`
			`state: restarted`
updates for Ansible 2.x 2016-07-14 03:15:07 +00:00			`become: yes`