ansible-role-firewalld/README.md

# ansible-role-firewalld

This role allows adding and removing most types of firewalld rules from the default zone

 - https://firewalld.org/


## Task Configuration

```
- name: Test adding and removeing services etc
  hosts: test
  become: true
  roles:
    - role: firewalld
      firewalld_ipset_add:
        - name: peers
          ips:
            - 207.188.6.74
            - 207.188.6.12
            - 207.188.6.49

      firewalld_add:
        - name: public
          masquerade: false
          forward: true
          services:
            - http
            - https
            - ssh
          ports:
            - 53/tcp
            - 53/udp
            - 67/udp
            - 547/udp
          forwards:
            - port: 443
              proto: udp
              to: 51820
        - name: ftl
          interfaces:
            - lo
          ports:
            - 4711/tcp

      firewalld_remove:
        - name: public
          masquerade: true
          services:
            - http
            - https
```


## Deployment and Removal

Deploy

```
ansible-playbook -i hosts site.yml --tags=firewalld --limit=somehost
```

Remove

```
ansible-playbook -i hosts site.yml --tags=firewalld --extra-vars "firewall_action=remove" --limit=somehost
```
ansible role for deploying firewalld rules 2024-08-21 01:45:31 +00:00			`# ansible-role-firewalld`

			`This role allows adding and removing most types of firewalld rules from the default zone`

			`- https://firewalld.org/`


			`## Task Configuration`

			```
			`- name: Test adding and removeing services etc`
			`hosts: test`
			`become: true`
			`roles:`
			`- role: firewalld`
			`firewalld_ipset_add:`
			`- name: peers`
			`ips:`
			`- 207.188.6.74`
			`- 207.188.6.12`
			`- 207.188.6.49`

			`firewalld_add:`
			`- name: public`
			`masquerade: false`
			`forward: true`
			`services:`
			`- http`
			`- https`
			`- ssh`
			`ports:`
			`- 53/tcp`
			`- 53/udp`
			`- 67/udp`
			`- 547/udp`
			`forwards:`
			`- port: 443`
			`proto: udp`
			`to: 51820`
			`- name: ftl`
			`interfaces:`
			`- lo`
			`ports:`
			`- 4711/tcp`

			`firewalld_remove:`
			`- name: public`
			`masquerade: true`
			`services:`
			`- http`
			`- https`
			```


			`## Deployment and Removal`

			`Deploy`

			```
			`ansible-playbook -i hosts site.yml --tags=firewalld --limit=somehost`
			```

			`Remove`

			```
			`ansible-playbook -i hosts site.yml --tags=firewalld --extra-vars "firewall_action=remove" --limit=somehost`
			```