diff --git a/roles/virt-common/tasks/firewall.yml b/roles/virt-common/tasks/firewall.yml
index 4e649c1..03dc312 100644
--- a/roles/virt-common/tasks/firewall.yml
+++ b/roles/virt-common/tasks/firewall.yml
@@ -18,8 +18,9 @@
 permanent: true
 state: enabled
 
- - name: Deny incoming connections to SSH port in default zone
+ - name: Deny incoming connections to SSH port in zone 'public'
 ansible.posix.firewalld:
+ zone: public
 service: ssh
 permanent: true
 state: disabled
@@ -46,23 +47,32 @@
 when: hostname in groups['proxyservers']
 notify: Reload firewalld
 block:
- - name: Allow incoming connections to HTTP port in zone 'dmz'
+ - name: Allow incoming connections to HTTP port in zones 'public' and 'dmz'
 ansible.posix.firewalld:
- zone: dmz
+ zone: "{{ item }}"
 service: http
 permanent: true
 state: enabled
+ loop:
+ - public
+ - dmz
 
- - name: Allow incoming connections to HTTPS port in zone 'dmz'
+ - name: Allow incoming connections to HTTPS port in zones 'public' and 'dmz'
 ansible.posix.firewalld:
- zone: dmz
+ zone: "{{ item }}"
 service: https
 permanent: true
 state: enabled
+ loop:
+ - public
+ - dmz
 
- - name: Allow incoming connections to HTTP/3 port in zone 'dmz'
+ - name: Allow incoming connections to HTTP/3 port in zones 'public' and 'dmz'
 ansible.posix.firewalld:
- zone: dmz
+ zone: "{{ item }}"
 service: http3
 permanent: true
 state: enabled
+ loop:
+ - public
+ - dmz
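Review bot: The SSH deny task now names zone `public` explicitly, so on a host whose firewalld default zone is something other than `public` it no longer disables `ssh` in the zone that actually fronts that host's interfaces, whereas the removed task (no `zone:`) acted on whatever the default zone was. If every managed host keeps `public` as its default zone the two forms are equivalent, but that assumption is not visible in the role; consider taking the zone from a role variable (e.g. `zone: "{{ virt_common_ssh_zone }}"`, name illustrative) with a comment stating that the default zone is expected to be `public`, so the hardening does not silently stop applying when a host's default zone is changed. The surrounding task list starts and ends outside this hunk.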
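Review bot: The `loop:` over `public` and `dmz` is now repeated verbatim in the HTTP, HTTPS and HTTP/3 tasks of the proxyservers block, so adding or removing a zone later means editing three places (and the zone list is not shared with the SSH task in the first hunk either). The three tasks differ only in `service`, so they can be collapsed into a single task looping over the product of zones and services; the block-level `when` and `notify: Reload firewalld` keep applying unchanged. The enclosing block starts before this hunk.
```yaml
block:
  - name: Allow incoming connections to HTTP, HTTPS and HTTP/3 ports in zones 'public' and 'dmz'
    ansible.posix.firewalld:
      zone: "{{ item.0 }}"
      service: "{{ item.1 }}"
      permanent: true
      state: enabled
    loop: "{{ ['public', 'dmz'] | product(['http', 'https', 'http3']) }}"
```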