The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
icmp_block
string
added in 2.8 |
The ICMP block you would like to add/remove to/from a zone in firewalld.
|
|
icmp_block_inversion
string
added in 2.8 |
Enable/Disable inversion of ICMP blocks for a zone in firewalld.
|
|
immediate
boolean
|
|
Should this configuration be applied immediately, if set as permanent.
|
interface
string
added in 2.1 |
The interface you would like to add/remove to/from a zone in firewalld.
|
|
masquerade
string
added in 2.1 |
The masquerade setting you would like to enable/disable to/from zones within firewalld.
|
|
offline
boolean
added in 2.3 |
|
Whether to run this module even when firewalld is offline.
|
permanent
boolean
|
|
Should this configuration be in the running firewalld configuration or persist across reboots.
As of Ansible 2.3, permanent operations can operate on firewalld configs when it is not running (requires firewalld >= 3.0.9).
Note that if this is
no , immediate is assumed yes . |
port
string
|
Name of a port or port range to add/remove to/from firewalld.
Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges.
|
|
rich_rule
string
|
Rich rule to add/remove to/from firewalld.
|
|
service
string
|
Name of a service to add/remove to/from firewalld.
The service must be listed in output of firewall-cmd --get-services.
|
|
source
string
added in 2.0 |
The source/network you would like to add/remove to/from firewalld.
|
|
state
string
/ required
|
|
Enable or disable a setting.
For ports: Should this port accept (enabled) or reject (disabled) connections.
The states
present and absent can only be used in zone level operations (i.e. when no other parameters but zone and state are set). |
timeout
integer
|
Default: 0
|
The amount of time the rule should be in effect for when non-permanent.
|
zone
string
|
The firewalld zone to add/remove to/from.
Note that the default zone can be configured per system but
public is default from upstream.Available choices can be extended based on per-system configs, listed here are "out of the box" defaults.
Possible values include
block , dmz , drop , external , home , internal , public , trusted , work . |
Note
- firewalld:
service: https
permanent: yes
state: enabled
- firewalld:
port: 8081/tcp
permanent: yes
state: disabled
- firewalld:
port: 161-162/udp
permanent: yes
state: enabled
- firewalld:
zone: dmz
service: http
permanent: yes
state: enabled
- firewalld:
rich_rule: rule service name="ftp" audit limit value="1/m" accept
permanent: yes
state: enabled
- firewalld:
source: 192.0.2.0/24
zone: internal
state: enabled
- firewalld:
zone: trusted
interface: eth2
permanent: yes
state: enabled
- firewalld:
masquerade: yes
state: enabled
permanent: yes
zone: dmz
- firewalld:
zone: custom
state: present
permanent: yes
- firewalld:
zone: drop
state: present
permanent: yes
icmp_block_inversion: yes
- firewalld:
zone: drop
state: present
permanent: yes
icmp_block: echo-request
- name: Redirect port 443 to 8443 with Rich Rule
firewalld:
rich_rule: rule forward-port port=443 protocol=tcp to-port=8443
zone: public
permanent: yes
immediate: yes
state: enabled
Hint
If you notice any issues in this documentation you can edit this document to improve it.