mirror of
https://github.com/krislamo/vagrant-easyredmine
synced 2024-09-20 07:40:34 +00:00
70 lines
1.5 KiB
YAML
70 lines
1.5 KiB
YAML
|
|
- name: manage firewalld service
|
|
service:
|
|
name: firewalld
|
|
state: started
|
|
enabled: yes
|
|
become: yes
|
|
|
|
- name: enable https in firewalld
|
|
firewalld:
|
|
service: https
|
|
permanent: true
|
|
state: enabled
|
|
become: yes
|
|
notify: restart firewalld
|
|
|
|
- name: enable http in firewalld
|
|
firewalld:
|
|
service: http
|
|
permanent: true
|
|
state: enabled
|
|
become: yes
|
|
notify: restart firewalld
|
|
|
|
- name: enable ssh rule in firewalld
|
|
firewalld:
|
|
rich_rule: 'rule service name="ssh" family="ipv4" source address="{{ item }}" accept'
|
|
permanent: true
|
|
state: enabled
|
|
with_items: "{{ firewall_addrs }}"
|
|
become: yes
|
|
notify: restart firewalld
|
|
when: is_production_vm == True
|
|
|
|
- name: disable ssh service in firewalld
|
|
firewalld:
|
|
service: ssh
|
|
permanent: true
|
|
state: disabled
|
|
become: yes
|
|
notify: restart firewalld
|
|
when: is_production_vm == True
|
|
|
|
- name: define new icmp types for timestamp responses
|
|
copy:
|
|
dest: '/etc/firewalld/icmptypes/{{ item }}.xml'
|
|
src: '{{ item }}.xml'
|
|
become: yes
|
|
with_items:
|
|
- timestamp-reply
|
|
- timestamp-request
|
|
|
|
- name: load new icmp types for timestamp responses
|
|
command: firewall-cmd --reload
|
|
become: yes
|
|
|
|
- name: disable icmp timestamp responses
|
|
command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }}
|
|
become: yes
|
|
with_items:
|
|
- timestamp-reply
|
|
- timestamp-request
|
|
notify: restart firewalld
|
|
|
|
- name: restart firewalld
|
|
service:
|
|
name: firewalld
|
|
state: restarted
|
|
become: yes
|