Remove firewall rules from public servers

inventory.ini

@@ -10,22 +10,22 @@
 [pub_cloud]
 sapt-labc-pub01
 
-# [mon_cloud]
-# sapt-labc-mon01
-
 # [sec_cloud]
 # sapt-labc-sec01
 
 [cloud:children]
 pub_cloud
-# mon_cloud
 # sec_cloud
 
 [prx_shrd]
 sapt-labr-prx01
 
+# [mon_shrd]
+# sapt-labr-mon01
+
 [shared:children]
 prx_shrd
+# mon_shrd
 
 [app_prod]
 sapt-labp-app01
@@ -58,15 +58,15 @@ mda_stage
 [publicservers:children]
 pub_cloud
 
-# [monitorservers:children]
-# mon_cloud
-
 # [securityservers:children]
 # sec_cloud
 
 [proxyservers:children]
 prx_shrd
 
+# [monitorservers:children]
+# mon_shrd
+
 [appservers:children]
 app_prod
 app_stage

roles/virt-common/tasks/firewall.yml

@@ -56,8 +56,7 @@
         state: enabled
 
 - name: Firewall rules for proxy & public servers
-  when: hostname in groups['proxyservers'] or
-        hostname in groups['publicservers']
+  when: hostname in groups['proxyservers']
   notify: Reload firewalld
   block:
     - name: Allow incoming connections to HTTP port in zones 'public' and 'dmz'