diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 5addd2c..0000000 --- a/LICENSE +++ /dev/null @@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2024 Shane Wadleigh - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file diff --git a/defaults/main.yml b/defaults/main.yml index f2be36e..fe73630 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,3 +4,28 @@ firewalld_packages: firewalld_service_name: firewalld firewalld_default_zone: public +#firewalld_backend: nftables + +#firewalld_add: +# - name: {{ firewalld_default_zone }} +# masquerade: true +# services: +# - dhcpv6-client +# - ssh +# - http +# - https +# - name: zone_name +# services: +# - dhcpv6-client +# - ssh +# ports: +# - 443/udp +# rules: +# + +#firewalld_remove: +# - name: {{ firewalld_default_zone }} +# masquerade: false +# services: +# - http +# - https diff --git a/handlers/main.yml b/handlers/main.yml index 85ea00e..04d357e 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
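Review bot: The commented `firewalld_add` and `firewalld_remove` examples in defaults/main.yml write the zone name as an unquoted template, `name: {{ firewalld_default_zone }}`, which YAML reads as a flow mapping once the lines are uncommented, so a user copying the example gets a parse error instead of a zone entry. Quote it in both places, e.g. `#  - name: "{{ firewalld_default_zone }}"`. The `firewalld_add` example also sets `masquerade: true` and opens `http`/`https` on the default zone, so a line such as `# Example only: enable masquerade and services per zone as actually required` would stop it being copied as a baseline. The empty `rules:` key followed by a bare `#` would load as null if uncommented; show one sample rule or drop the key.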
@@ -1,7 +1,7 @@ --- - - name: Start/Enable firewalld listen: start-firewalld + become: true ansible.builtin.systemd: name: "{{ firewalld_service_name }}" state: restarted @@ -9,4 +9,5 @@ - name: Reload firewalld listen: reload-firewalld + become: true ansible.builtin.command: "firewall-cmd --reload" diff --git a/meta/main.yml b/meta/main.yml index 97ed34f..087f110 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,35 +1,25 @@ --- -dependencies: [] - galaxy_info: - role_name: firewalld - author: srw - description: Ansible role for configuring firewalld rules - company: "Midwestern Mac, LLC" - license: "license (BSD, MIT)" - min_ansible_version: "2.10" + author: Shane Wadleigh + description: An Ansible role for configuring firewalld rules + company: 20C + license: Apache + min_ansible_version: "2" platforms: - - name: Fedora - versions: - - all - - name: Debian - versions: - - buster - - bullseye - - bookworm - - name: Ubuntu - versions: - - bionic - - focal - - jammy - - name: Alpine - version: - - all - - name: ArchLinux - versions: - - all - galaxy_tags: - - server - - system - - firewall - - security + - name: EL + versions: + - all + - name: Fedora + versions: + - all + - name: Ubuntu + versions: + - all + - name: Debian + versions: + - all +dependencies: [] +#dependencies: +# - name: common +# src: https://github.com/your-username/common-role +# version: master # You can specify a specific tag or branch diff --git a/tasks/main.yml b/tasks/main.yml index d157627..be7c37e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,8 +1,8 @@ --- - name: Setup and configure firewalld service tags: firewalld + become: true block: - - name: Install firewalld packages ansible.builtin.package: name: "{{ item }}" 
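Review bot: `become: true` is now hard-coded on the `Start/Enable firewalld` handler, and the same keyword is added to the `Reload firewalld` handler and to the `Setup and configure firewalld service` block in tasks/main.yml, so the role escalates even when the calling play sets `become: false`. That is presumably intended, since managing firewalld needs root, but the reason should be stated where a maintainer will see it. I would add `# firewalld management needs root; the role escalates regardless of the play-level become setting` above the first occurrence and note in the role documentation that `ansible_become` is the way to override it. The first handler's remaining keys fall between the two hunks and are not shown.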
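Review bot: `license: Apache` in `galaxy_info` is not an SPDX identifier, and this commit deletes the MIT LICENSE file without adding a replacement in the visible diff, so the role would declare a license it does not ship. If Apache 2.0 is intended, use `license: Apache-2.0` and add the matching license text. The commented dependency example pins `version: master`; a moving branch lets the dependency change underneath the role, so the example should show a fixed reference, e.g. `#    version: <tag-or-commit>  # pin to a release tag or commit`. `min_ansible_version: "2"` is also looser than the previous `"2.10"`, while the tasks and handlers use `ansible.builtin.*` names, so the earlier floor looks like the accurate one and is worth confirming.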
@@ -43,11 +43,10 @@ when: - firewalld_remove is defined and firewalld_remove | length > 0 - - name: Adding zones, interfaces, services, ports, rules ansible.builtin.include_tasks: rules.yml vars: firewall_action: "add" firewall_rules: "{{ firewalld_add }}" when: - - firewalld_add is defined and firewalld_add | length > 0 \ No newline at end of file + - firewalld_add is defined and firewalld_add | length > 0