first commit

2020-05-05 17:30:40 +02:00
commit c48b02bd78
5 changed files with 211 additions and 0 deletions
--- a/tasks/firewalld.yml
+++ b/tasks/firewalld.yml
@@ -0,0 +1,46 @@
+- name: Ensure firewalld is enabled
+  service:
+    name: firewalld
+    enabled: true
+    state: started
+
+- name: Set external interface
+  firewalld:
+    state: enabled
+    interface: eth1
+    zone: external
+    permanent: yes
+    immediate: yes
+
+- name: Set internal interface
+  firewalld:
+    state: enabled
+    interface: eth2
+    zone: internal
+    permanent: yes
+    immediate: yes
+
+- name: Open firewalld ports
+  firewalld:
+    port: "{{ item.port }}"
+    state: enabled
+    zone: "{{ item.zone }}"
+    immediate: yes
+    permanent: yes
+  loop:
+    - port: 80/tcp
+      zone: external
+    - port: 443/tcp
+      zone: external
+    - port: 80/tcp
+      zone: internal
+    - port: 443/tcp
+      zone: internal
+    - port: 22623/tcp
+      zone: internal
+    - port: 8000/tcp
+      zone: internal
+    - port: 6443/tcp
+      zone: internal
+    - port: 6443/tcp
+      zone: external