This role provides basic hole punching and local port forwarding for the firewalld service, to aid in the task of running application stacks deployed using the OASIS roles. It provides a simple interface to the Ansible firewalld module.
Ansible 2.4 or higher
Red Hat Enterprise Linux 7 or equivalent
Valid Red Hat Subscriptions
Currently the following variables are supported:
- firewalld_zone: firewall zone for all rules
- firewalld_ports_open: permanently open ports (IPv4+IPv6) for given firewall zone
- firewalld_services: a list of named services for firewalld to enable
- firewalld_ports_forward: permanently forward local ports (IPv4+IPv6) for given firewall zone, e.g. TCP 80->8080 for webapps
- firewalld_become: use Ansible "become" for proper authorization to manage the firewall
None
- hosts: firewalld-servers
  roles:
    - role: firewalld
      firewalld_zone: public
      firewalld_ports_open:
        - proto: tcp
          port: 8080
        - proto: udp
          port: 9990-9999
      firewalld_services:
        - ssh
      firewalld_ports_forward:
        - proto: tcp
          port: 80
          to_port: 8080
      firewalld_become: true
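To confirm the role left the zone in the declared state, the permanent firewalld configuration can be compared against the playbook's variables. The script below is an added example, not part of the role; the expected values mirror the example playbook above, and the function names `drift` and `audit` are made up here.

```shell
#!/bin/sh
# Added example: compare firewalld's permanent zone config with what the
# playbook declared. Expected values are copied from the example playbook.
ZONE=public
WANT_PORTS="8080/tcp 9990-9999/udp"
WANT_SERVICES="ssh"
# Entry format as printed by firewall-cmd --list-forward-ports
WANT_FORWARDS="port=80:proto=tcp:toport=8080:toaddr="

# drift WANT GOT
# Prints "missing:<entry>" for declared entries that are absent and
# "unexpected:<entry>" for entries that are present but were never declared.
# Returns 1 if either kind of difference exists, 0 otherwise.
drift() {
    want=$(echo $1)   # unquoted on purpose: collapse newlines and spaces
    got=$(echo $2)
    rc=0
    for w in $want; do
        case " $got " in *" $w "*) ;; *) echo "missing:$w"; rc=1 ;; esac
    done
    for g in $got; do
        case " $want " in *" $g "*) ;; *) echo "unexpected:$g"; rc=1 ;; esac
    done
    return $rc
}

# audit: query the permanent configuration of $ZONE and report every difference.
audit() {
    status=0
    drift "$WANT_PORTS" \
        "$(firewall-cmd --permanent --zone="$ZONE" --list-ports)" || status=1
    drift "$WANT_SERVICES" \
        "$(firewall-cmd --permanent --zone="$ZONE" --list-services)" || status=1
    drift "$WANT_FORWARDS" \
        "$(firewall-cmd --permanent --zone="$ZONE" --list-forward-ports)" || status=1
    return $status
}

# Touch the live firewall only when explicitly asked (run as root on the host).
if [ "${1:-}" = "--audit" ]; then
    audit
fi
```

Run it with `--audit` on a managed host. Any `unexpected:` line is an opening that the playbook did not declare, such as a service that was already enabled in the zone before the role ran.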
GPLv3
David Roble