18 Nov 2020 13:02:29 +0000
18 Nov 2020 13:02:29 +0000 | 00:00:00.24 | Ansible 2.10.3 | CLI arguments
/home/travis/.ansible/roles/robertdebock.firewall/tasks/main.yml
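---
# tasks file for firewall
#
# Installs the firewall packages, then applies the entries of
# `firewall_services` through the backend named by `firewall_service`
# (ufw, firewalld or iptables), and finally starts and enables that service.
#
# Every rule-changing task is skipped when the connection plugin is "docker".
# NOTE(review): presumably because the firewall cannot be managed from inside
# a container. Confirm; hosts reached this way get no rules from this role.
#
# Ansible evaluates `loop` before `when`, so `firewall_services is defined`
# cannot protect a loop from an undefined variable. The loops therefore use
# `| default([])`, which turns an undefined list into a no-op.

- name: include assert.yml
  include_tasks: assert.yml
  run_once: true

- name: remove conflicting software
  package:
    name: "{{ firewall_packages_conflicting }}"
    state: absent
  when:
    - firewall_packages_conflicting is defined

- name: install required software
  package:
    name: "{{ firewall_packages_required }}"
    state: present
  when:
    - firewall_packages_required is defined

# Entries marked `state: absent` are left to the "close ports" task only, so a
# port that is being removed is never opened first and the play stays
# idempotent.
- name: open ports (ufw)
  ufw:
    rule: "{{ item.rule | default(firewall_default_rule) }}"
    port: "{{ item.name }}"
    proto: "{{ item.protocol | default(firewall_default_protocol) }}"
  loop: "{{ firewall_services | default([]) }}"
  when:
    - ansible_connection != "docker"
    - firewall_services is defined
    - firewall_service == "ufw"
    - item.state | default("present") != "absent"
  loop_control:
    label: "{{ item.name }}"

# `delete: true` removes the rule that matches the same rule/port/proto triple.
- name: close ports (ufw)
  ufw:
    rule: "{{ item.rule | default(firewall_default_rule) }}"
    port: "{{ item.name }}"
    proto: "{{ item.protocol | default(firewall_default_protocol) }}"
    delete: true
  loop: "{{ firewall_services | default([]) }}"
  when:
    - ansible_connection != "docker"
    - firewall_services is defined
    - firewall_service == "ufw"
    - item.state is defined
    - item.state == "absent"
  loop_control:
    label: "{{ item.name }}"

# firewalld: a numeric `item.name` is handled as a port/protocol pair, anything
# else as a firewalld service name. The tasks change the permanent
# configuration only; the "reload firewalld" handler (defined outside this
# file) is what is expected to activate it.
- name: open ports (firewalld-port)
  firewalld:
    port: "{{ item.name }}/{{ item.protocol | default(firewall_default_protocol) }}"
    permanent: true
    state: enabled
  loop: "{{ firewall_services | default([]) }}"
  when:
    - ansible_connection != "docker"
    - firewall_services is defined
    - firewall_service == "firewalld"
    - item.name is number
    - item.state | default("present") != "absent"
  loop_control:
    label: "{{ item.name }}"
  notify:
    - reload firewalld

- name: close ports (firewalld-port)
  firewalld:
    port: "{{ item.name }}/{{ item.protocol | default(firewall_default_protocol) }}"
    permanent: true
    state: disabled
  loop: "{{ firewall_services | default([]) }}"
  when:
    - ansible_connection != "docker"
    - firewall_services is defined
    - firewall_service == "firewalld"
    - item.name is number
    - item.state is defined
    - item.state == "absent"
  loop_control:
    label: "{{ item.name }}"
  notify:
    - reload firewalld

- name: open ports (firewalld-service)
  firewalld:
    service: "{{ item.name }}"
    permanent: true
    state: enabled
  loop: "{{ firewall_services | default([]) }}"
  when:
    - ansible_connection != "docker"
    - firewall_services is defined
    - firewall_service == "firewalld"
    - item.name is not number
    - item.state | default("present") != "absent"
  loop_control:
    label: "{{ item.name }}"
  notify:
    - reload firewalld

- name: close ports (firewalld-service)
  firewalld:
    service: "{{ item.name }}"
    permanent: true
    state: disabled
  loop: "{{ firewall_services | default([]) }}"
  when:
    - ansible_connection != "docker"
    - firewall_services is defined
    - firewall_service == "firewalld"
    - item.name is not number
    - item.state is defined
    - item.state == "absent"
  loop_control:
    label: "{{ item.name }}"
  notify:
    - reload firewalld

# Runs after the ufw rule tasks, so the allow rules exist before enforcement
# starts. The management port (for example ssh) has to be listed in
# `firewall_services`, otherwise enabling ufw can cut off the session that is
# running this play.
- name: enable ufw
  ufw:
    state: enabled
  when:
    - ansible_connection != "docker"
    - firewall_service == "ufw"

# `validate` runs iptables-restore in test mode on the rendered file before it
# replaces the destination, so a ruleset that does not parse is never
# installed. Mode 0640 keeps the ruleset unreadable for other users.
# The stale `loop_control` was dropped: this task has no loop.
- name: configure iptables
  template:
    src: iptables.j2
    dest: "{{ firewall_iptables_rulefile }}"
    validate: "iptables-restore --test %s"
    mode: "0640"
  when:
    - ansible_connection != "docker"
    - firewall_services is defined
    - firewall_service == "iptables"
  notify:
    - reload firewall

- name: start and enable firewall service
  service:
    name: "{{ firewall_service }}"
    state: started
    enabled: true
  when:
    - ansible_connection != "docker"
    - firewall_service is defined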