Ansible Role firewall
This role configures a firewall on the system. For the currently supported firewalls, see the options for the firewall__firewall variable below.
Mandatory Requirements
When using
firewall__firewall == fwbuilder, you either need to manually deploy a Firewall Builder file to/etc/fwb.shor use thefirewall__fwbuilder_repo_urlvariable to clone the Firewall Builder files automatically.
Optional Requirements
When using
firewall__firewall == iptables, you can place an iptables config file in your inventory, which will be deployed to the system. The file has to be placed into{{ inventory_dir }}/host_files/{{ inventory_hostname }}/etc/sysconfig/iptables.
Optional Role Variables
Variable |
Description |
Default Value |
|---|---|---|
|
Which firewall should be activated and configured. All other firewalls will be disabled. Possible options: |
|
|
List of dictionaries defining the FirewallD ports. Subkeys:
|
|
|
List of dictionaries defining the FirewallD services. Subkeys:
|
|
|
The name of the Firewall Builder file which will be created when compiling the firewall in Firewall Builder. Needed if |
|
|
The GIT repository URL to clone the compiled firewall files from. |
|
Example:
# optional
firewall__firewall: 'fwbuilder'
firewall__firewalld_ports__group_var: []
firewall__firewalld_ports__host_var:
- port: '1234/tcp'
state: 'enabled'
firewall__firewalld_services__group_var: []
firewall__firewalld_services__host_var:
- service: 'ssh'
state: 'enabled'
firewall__fwbuilder_fw_file: 'example.fw'
firewall__fwbuilder_repo_url: 'git@git.example.com:fwbuilder/fwb.git'