ansible/roles/vm-common/tasks/firewall.yml

# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Move internal network to zone 'internal'
  ansible.posix.firewalld:
    zone: internal
    source: 10.2.1.0/24
    permanent: true
    state: enabled

- name: Allow incoming connections to SSH port in zone 'internal'
  ansible.posix.firewalld:
    zone: internal
    port: "{{ ansible_port }}"
    permanent: true
    state: enabled

# Until control VM is deployed
- name: Allow incoming connections to SSH port in default zone
  ansible.posix.firewalld:
    port: "{{ ansible_port }}"
    permanent: true
    state: enabled