ansible/roles/vm-common/tasks/firewall.yml

# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Move internal network to zone 'internal'
  ansible.posix.firewalld:
    zone: internal
    source: 10.2.1.0/24
    permanent: true
    state: enabled

- name: Allow incoming connections to SSH port in zone 'internal'
  ansible.posix.firewalld:
    zone: internal
    port: "{{ ansible_port }}"
    permanent: true
    state: enabled

# Until control VM is deployed
- name: Allow incoming connections to SSH port in default zone
  ansible.posix.firewalld:
    port: "{{ ansible_port }}"
    permanent: true
    state: enabled
QoL changes for *Vim users (#144) Co-authored-by: Sam Al-Sapti <sam@sapti.me> Reviewed-on: https://git.data.coop/data.coop/ansible/pulls/144 2022-12-29 21:13:31 +00:00			`# vim: ft=yaml.ansible`
Add hosts and move vars into var files 2024-03-01 20:30:18 +00:00			`# code: language=ansible`
Add firewall setup with UFW 2022-11-10 20:48:24 +00:00			`---`
Refactor vm-common (old ubuntu_base) role 2024-03-31 17:31:27 +00:00			`- name: Move internal network to zone 'internal'`
			`ansible.posix.firewalld:`
			`zone: internal`
			`source: 10.2.1.0/24`
			`permanent: true`
Add firewall setup with UFW 2022-11-10 20:48:24 +00:00			`state: enabled`
Make TCP the default allowed firewall protocol Custom protocol can still be specified by adding `proto: "proto"` to a loop item. 2022-11-22 20:37:37 +00:00
Refactor vm-common (old ubuntu_base) role 2024-03-31 17:31:27 +00:00			`- name: Allow incoming connections to SSH port in zone 'internal'`
			`ansible.posix.firewalld:`
			`zone: internal`
			`port: "{{ ansible_port }}"`
			`permanent: true`
			`state: enabled`

			`# Until control VM is deployed`
			`- name: Allow incoming connections to SSH port in default zone`
			`ansible.posix.firewalld:`
			`port: "{{ ansible_port }}"`
			`permanent: true`
			`state: enabled`