samsapti/lab-ansible
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Allow HTTP(S) for public zone

Browse source
This commit is contained in:
Sam A. 2023-12-28 21:04:33 +01:00
parent 13604759a1
commit fa0d70732d
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
1 changed files with 17 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
roles/virt-common/tasks/firewall.yml
View file

@ -18,8 +18,9 @@
permanent: true permanent: true
state: enabled state: enabled
- name: Deny incoming connections to SSH port in default zone - name: Deny incoming connections to SSH port in zone 'public'
ansible.posix.firewalld: ansible.posix.firewalld:
zone: public
service: ssh service: ssh
permanent: true permanent: true
state: disabled state: disabled
@ -46,23 +47,32 @@
when: hostname in groups['proxyservers'] when: hostname in groups['proxyservers']
notify: Reload firewalld notify: Reload firewalld
block: block:
- name: Allow incoming connections to HTTP port in zone 'dmz' - name: Allow incoming connections to HTTP port in zones 'public' and 'dmz'
ansible.posix.firewalld: ansible.posix.firewalld:
zone: dmz zone: "{{ item }}"
service: http service: http
permanent: true permanent: true
state: enabled state: enabled
loop:
- public
- dmz
- name: Allow incoming connections to HTTPS port in zone 'dmz' - name: Allow incoming connections to HTTPS port in zones 'public' and 'dmz'
ansible.posix.firewalld: ansible.posix.firewalld:
zone: dmz zone: "{{ item }}"
service: https service: https
permanent: true permanent: true
state: enabled state: enabled
loop:
- public
- dmz
- name: Allow incoming connections to HTTP/3 port in zone 'dmz' - name: Allow incoming connections to HTTP/3 port in zones 'public' and 'dmz'
ansible.posix.firewalld: ansible.posix.firewalld:
zone: dmz zone: "{{ item }}"
service: http3 service: http3
permanent: true permanent: true
state: enabled state: enabled
loop:
- public
- dmz