shhirose.firewalld

ansible-firewalld


This is an Ansible role for installing and configuring firewalld on Red Hat Enterprise Linux.

Requirements

None

Example of Role Variables

shhirose_firewalld:
  default_zone: public

  zones:
    - zone: test1
      state: enabled

  interfaces:
    - interface: eth901
      zone: public
      immediate: yes
      permanent: true
      state: enabled

  targets:
    - target: DROP
      zone: home

  masquerades:
    - masquerade: yes
      zone: public
      immediate: yes
      permanent: true

  services:
    - service: http
      zone: public
      immediate: yes
      permanent: true
      state: enabled

  ports:
    - port: "8080/tcp"
      zone: public
      immediate: yes
      permanent: true
      state: enabled

  rich_rules:
    - rule: 'rule family="ipv4" source address="192.168.0.0/16" port protocol="tcp" port="22" accept'
      zone: public
      immediate: yes
      permanent: false
      state: enabled

  icmp_blocks:
    - type: echo-request
      zone: public
      immediate: yes
      permanent: false
      state: enabled

  sources:
    - source: "172.10.0.0/16"
      zone: public
      immediate: yes
      permanent: false
      state: enabled

  forward_ports:
    - proto: "tcp"
      port: "50022"
      toaddr: "192.168.10.10"
      toport: "22"
      zone: public
      immediate: yes
      permanent: false
      state: enabled

Parameters for Variables

Zones

| Key | Required | Default | Type | Values | Notes |
|---|---|---|---|---|---|
| zone | Yes | | String | | Name of the zone |
| state | Yes | | String | enabled, disabled | Create a new zone if enabled. |

Targets

| Key | Required | Default | Type | Values | Notes |
|---|---|---|---|---|---|
| target | Yes | | String | default, ACCEPT, REJECT, DROP | |
| zone | No | | String | | Name of the zone |

Masquerades

| Key | Required | Default | Type | Values | Notes |
|---|---|---|---|---|---|
| masquerade | Yes | | String | yes, no | |
| zone | No | | String | | Name of the zone |
| immediate | No | yes | String | yes, no | Apply this setting immediately. |
| permanent | No | no | Boolean | true, false | Keep this setting permanent. |

Interfaces

| Key | Required | Default | Type | Values | Notes |
|---|---|---|---|---|---|
| interface | Yes | | String | | Name of the interface |
| zone | No | | String | | Name of the zone |
| immediate | No | yes | String | yes, no | Apply this setting immediately. |
| permanent | No | no | Boolean | true, false | Keep this setting permanent. |
| state | Yes | | String | enabled, disabled | Create a new zone if enabled. |

Services

| Key | Required | Default | Type | Values | Notes |
|---|---|---|---|---|---|
| service | Yes | | String | | Name of the service |
| zone | No | | String | | Name of the zone |
| immediate | No | yes | String | yes, no | Apply this setting immediately. |
| permanent | No | no | Boolean | true, false | Keep this setting permanent. |
| state | Yes | | String | enabled, disabled | Create a new zone if enabled. |

Ports

| Key | Required | Default | Type | Values | Notes |
|---|---|---|---|---|---|
| port | Yes | | String | | Port number |
| zone | No | | String | | Name of the zone |
| immediate | No | yes | String | yes, no | Apply this setting immediately. |
| permanent | No | no | Boolean | true, false | Keep this setting permanent. |
| state | Yes | | String | enabled, disabled | Create a new zone if enabled. |

Sources

| Key | Required | Default | Type | Values | Notes |
|---|---|---|---|---|---|
| source | Yes | | String | | Source for restricted connections |
| zone | No | | String | | Name of the zone |
| immediate | No | yes | String | yes, no | Apply this setting immediately. |
| permanent | No | no | Boolean | true, false | Keep this setting permanent. |
| state | Yes | | String | enabled, disabled | Create a new zone if enabled. |

Rich Rules

| Key | Required | Default | Type | Values | Notes |
|---|---|---|---|---|---|
| rule | Yes | | String | | Value of the rich rule |
| zone | No | | String | | Name of the zone |
| immediate | No | yes | String | yes, no | Apply this setting immediately. |
| permanent | No | no | Boolean | true, false | Keep this setting permanent. |
| state | Yes | | String | enabled, disabled | Create a new zone if enabled. |

ICMP Blocks

| Key | Required | Default | Type | Values | Notes |
|---|---|---|---|---|---|
| type | Yes | | String | | Type of ICMP block |
| zone | No | | String | | Name of the zone |
| immediate | No | yes | String | yes, no | Apply this setting immediately. |
| permanent | No | no | Boolean | true, false | Keep this setting permanent. |
| state | Yes | | String | enabled, disabled | Create a new zone if enabled. |

Forward Ports

| Key | Required | Default | Type | Values | Notes |
|---|---|---|---|---|---|
| proto | Yes | | String | | Source protocol |
| port | Yes | | String | | Source port |
| toport | No | | String | | Destination port |
| toaddr | No | | String | | Destination address |
| zone | No | | String | | Name of the zone |
| immediate | No | yes | String | yes, no | Apply this setting immediately. |
| permanent | No | no | Boolean | true, false | Keep this setting permanent. |
| state | Yes | | String | enabled, disabled | Create a new zone if enabled. |
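
A pre-flight check for the variables documented in the tables above, added here as an example and not part of the role. The names `lint`, `REQUIRED` and `SAMPLE` are hypothetical, the sample dictionary is constructed, and the runtime-only finding assumes the role passes `permanent` through to firewalld unchanged.

```python
# Added example: lint a shhirose_firewalld dict against the README's tables.
REQUIRED = {
    "zones": ("zone", "state"), "targets": ("target",),
    "masquerades": ("masquerade",), "interfaces": ("interface", "state"),
    "services": ("service", "state"), "ports": ("port", "state"),
    "sources": ("source", "state"), "rich_rules": ("rule", "state"),
    "icmp_blocks": ("type", "state"),
    "forward_ports": ("proto", "port", "state"),
}
NO_PERMANENT_KEY = {"zones", "targets"}  # their tables list no permanent key
TARGETS = {"default", "ACCEPT", "REJECT", "DROP"}
TRUTHY = {True, "yes", "true"}  # YAML 1.1 loads bare yes/true as booleans


def lint(cfg):
    """Return a list of findings for one shhirose_firewalld dict."""
    findings = []
    for section, entries in cfg.items():
        if section == "default_zone":
            continue
        if section not in REQUIRED:
            findings.append(f"{section}: unknown section")
            continue
        for i, entry in enumerate(entries):
            where = f"{section}[{i}]"
            for key in REQUIRED[section]:
                if key not in entry:
                    findings.append(f"{where}: missing required key '{key}'")
            if entry.get("state", "enabled") not in ("enabled", "disabled"):
                findings.append(f"{where}: state must be enabled or disabled")
            if section == "targets" and entry.get("target") not in TARGETS:
                findings.append(f"{where}: target not in documented values")
            # Default is "no": runtime-only entries vanish on firewalld reload.
            if (section not in NO_PERMANENT_KEY
                    and entry.get("permanent", False) not in TRUTHY):
                findings.append(f"{where}: runtime-only (permanent is false)")
    return findings


# Constructed input, modelled on the README's variable example.
SAMPLE = {
    "default_zone": "public",
    "targets": [{"target": "DROP", "zone": "home"}],
    "services": [{"service": "http", "zone": "public", "permanent": True}],
    "icmp_blocks": [{"type": "echo-request", "permanent": False, "state": "enabled"}],
}

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Entries such as the `rich_rules`, `icmp_blocks`, `sources` and `forward_ports` items in the variable example, which set `permanent: false`, are reported as runtime-only.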

Dependencies

None

Example Playbook

- hosts: servers
  roles:
     - { role: shhirose.firewalld }
  vars:
    shhirose_firewalld:
      services:
        - service: http
          zone: public
          immediate: yes
          permanent: true
          state: enabled
        - service: https
          zone: public
          immediate: yes
          permanent: true
          state: enabled
      ports:
        - port: 8080/tcp
          zone: public
          immediate: yes
          permanent: true
          state: enabled

License

MIT

Install

ansible-galaxy install shhirose.firewalld