1
0
mirror of https://github.com/krislamo/vagrant-easyredmine synced 2024-11-13 23:50:34 +00:00
vagrant-easyredmine/roles/easyredmine/tasks/firewall.yml
2018-03-20 13:04:30 -04:00

74 lines
1.5 KiB
YAML

- name: manage firewalld service
service:
name: firewalld
state: started
enabled: yes
become: yes
- name: enable https in firewalld
firewalld:
service: https
permanent: true
state: enabled
become: yes
notify: restart firewalld
- name: enable http in firewalld
firewalld:
service: http
permanent: true
state: enabled
become: yes
notify: restart firewalld
- name: enable ssh rule in firewalld
firewalld:
rich_rule: 'rule service name="ssh" family="ipv4" source address="{{ item }}" accept'
permanent: true
state: enabled
with_items:
- 128.192.75.0/24
- 192.168.0.0/16
- 172.16.0.0/16
- 128.91.49.0/24
become: yes
notify: restart firewalld
when: is_production_vm == True
- name: disable ssh service in firewalld
firewalld:
service: ssh
permanent: true
state: disabled
become: yes
notify: restart firewalld
when: is_production_vm == True
- name: define new icmp types for timestamp responses
copy:
dest: '/etc/firewalld/icmptypes/{{ item }}.xml'
src: '{{ item }}.xml'
become: yes
with_items:
- timestamp-reply
- timestamp-request
- name: load new icmp types for timestamp responses
command: firewall-cmd --reload
become: yes
- name: disable icmp timestamp responses
command: firewall-cmd --permanent --zone=public --add-icmp-block={{ item }}
become: yes
with_items:
- timestamp-reply
- timestamp-request
notify: restart firewalld
- name: restart firewalld
service:
name: firewalld
state: restarted
become: yes