- name: manage firewalld service service: name: firewalld state: started enabled: yes become: yes - name: enable https in firewalld firewalld: service: https permanent: true state: enabled become: yes notify: restart firewalld - name: enable http in firewalld firewalld: service: http permanent: true state: enabled become: yes notify: restart firewalld - name: enable ssh rule in firewalld firewalld: rich_rule: 'rule service name="ssh" family="ipv4" source address="{{ item }}" accept' permanent: true state: enabled with_items: - 128.192.75.0/24 - 192.168.0.0/16 - 172.16.0.0/16 - 128.91.49.0/24 become: yes notify: restart firewalld when: is_production_vm == True - name: disable ssh service in firewalld firewalld: service: ssh permanent: true state: disabled become: yes notify: restart firewalld when: is_production_vm == True - name: define new icmp types for timestamp responses copy: dest: '/etc/firewalld/icmptypes/{{ item }}.xml' src: '{{ item }}.xml' become: yes with_items: - timestamp-reply - timestamp-request - name: load new icmp types for timestamp responses command: firewall-cmd --reload become: yes - name: disable icmp timestamp responses command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }} become: yes with_items: - timestamp-reply - timestamp-request notify: restart firewalld - name: restart firewalld service: name: firewalld state: restarted become: yes