mirror of
https://github.com/krislamo/vagrant-easyredmine
synced 2024-11-13 23:50:34 +00:00
62 lines
1.4 KiB
YAML
62 lines
1.4 KiB
YAML
|
|
- service: name=firewalld
|
|
state=started
|
|
enabled=yes
|
|
become: yes
|
|
|
|
- firewalld: service=https
|
|
permanent=true
|
|
state=enabled
|
|
become: yes
|
|
notify: restart firewalld
|
|
|
|
- firewalld: service=http
|
|
permanent=true
|
|
state=enabled
|
|
become: yes
|
|
notify: restart firewalld
|
|
|
|
- firewalld: rich_rule='rule service name="ssh" family="ipv4" source address="{{ item }}" accept'
|
|
permanent=true
|
|
state=enabled
|
|
with_items:
|
|
- 128.192.75.0/24
|
|
- 192.168.0.0/16
|
|
- 172.16.0.0/16
|
|
- 128.91.49.0/24
|
|
become: yes
|
|
notify: restart firewalld
|
|
when: is_production_vm == True
|
|
|
|
- firewalld: service=ssh
|
|
permanent=true
|
|
state=disabled
|
|
become: yes
|
|
notify: restart firewalld
|
|
when: is_production_vm == True
|
|
|
|
- name: define new icmp types for timestamp responses
|
|
copy: dest='/etc/firewalld/icmptypes/{{ item }}.xml'
|
|
src='{{ item }}.xml'
|
|
become: yes
|
|
with_items:
|
|
- timestamp-reply
|
|
- timestamp-request
|
|
|
|
- name: load new icmp types for timestamp responses
|
|
command: firewall-cmd --reload
|
|
become: yes
|
|
|
|
- name: disable icmp timestamp responses
|
|
command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }}
|
|
become: yes
|
|
with_items:
|
|
- timestamp-reply
|
|
- timestamp-request
|
|
notify: restart firewalld
|
|
|
|
- name: restart firewalld
|
|
service: name=firewalld
|
|
state=restarted
|
|
become: yes
|