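---
# firewalld zoning and port openings for the swarm hosts.
#
# Interface -> zone layout as declared below (zone names are custom):
#   ens18 -> core   ens19 -> mgmt   ens20 -> dmz
#
# NOTE(review): nothing in this file creates the core/mgmt/dmz zones, so they
# are assumed to exist already (package config or an earlier role) — confirm.
# NOTE(review): the "set core as default zone" step is left disabled below, so
# any interface not listed here (e.g. docker0, docker_gwbridge, veth*) stays in
# firewalld's shipped default zone — confirm that is intended.
#
# Every rule below is written with `permanent: true` only; it does not become
# active at the task that declares it, only at the reload steps.

- name: Enable and start firewalld
  ansible.builtin.systemd:
    name: firewalld
    enabled: true
    state: started

# One task for all three interfaces; `ansible.posix.firewalld` is the real
# home of the module (`ansible.builtin.firewalld` is only a routing redirect
# to it), so use the same FQCN everywhere in this file.
- name: Assign interfaces to their zones (permanent config)
  ansible.posix.firewalld:
    interface: "{{ item.interface }}"
    zone: "{{ item.zone }}"
    state: enabled
    permanent: true
  loop:
    - { interface: ens18, zone: core }
    - { interface: ens19, zone: mgmt }
    - { interface: ens20, zone: dmz }
  loop_control:
    label: "{{ item.interface }} -> {{ item.zone }}"

# - name: Set core to default
#   ansible.builtin.command: firewall-cmd --set-default-zone=core

# Make the permanent interface assignments live before zone targets and
# ports are configured. `firewall-cmd --reload` is not idempotent from
# Ansible's point of view and always reports "changed".
- name: Reload firewalld to apply interface assignments
  ansible.builtin.command: firewall-cmd --reload

# dmz: drop everything that is not explicitly allowed (no REJECT replies).
- name: DROP all traffic on dmz by default
  ansible.posix.firewalld:
    zone: dmz
    target: "DROP"
    permanent: true
    state: enabled

################ SWARM SETUP ################
# Only hosts whose `vm_roles` contains "swarm" get these openings.
#   2377/tcp      manager API            -> mgmt zone only
#   7946/tcp+udp  node discovery/gossip  -> core and mgmt
#   4789/udp      VXLAN overlay data     -> core only
# NOTE(review): 4789/udp carries container-to-container traffic; unless the
# overlay networks are created with encryption it crosses the core zone in
# the clear — confirm core is the intended data-path segment.
- name: Open Docker Swarm ports
  ansible.posix.firewalld:
    zone: "{{ item.zone }}"
    port: "{{ item.port }}"
    permanent: true
    state: enabled
  loop:
    - { zone: mgmt, port: 2377/tcp }
    - { zone: core, port: 7946/tcp }
    - { zone: mgmt, port: 7946/tcp }
    - { zone: core, port: 7946/udp }
    - { zone: mgmt, port: 7946/udp }
    - { zone: core, port: 4789/udp }
  loop_control:
    label: "{{ item.zone }}: {{ item.port }}"
  when: "'swarm' in vm_roles"

############# Docker Services ###########
# Published service ports on the core zone (swarm hosts only).
# The original list opened 80/tcp twice; the duplicate is dropped here.
# NOTE(review): 2019/tcp is Caddy's admin API port. That endpoint accepts
# configuration changes and has no authentication by default, so opening it
# on the core zone is very likely unintended — bind it to localhost in the
# Caddy config, or at minimum move it to the mgmt zone. Left as-is here so
# behaviour does not change silently; decide and remove the entry.
- name: Open Docker service ports on core
  ansible.posix.firewalld:
    zone: core
    port: "{{ item.port }}"
    permanent: true
    state: enabled
  loop:
    - { service: portainer, port: 9443/tcp }
    - { service: nginx, port: 8080/tcp }
    - { service: caddy, port: 443/tcp }
    - { service: caddy, port: 80/tcp }
    - { service: caddy-admin, port: 2019/tcp }
  loop_control:
    label: "{{ item.service }} {{ item.port }}"
  when: "'swarm' in vm_roles"

# - name: Open Portainer env port 9001/tcp
#   ansible.posix.firewalld:
#     zone: core
#     port: 9001/tcp
#     permanent: true
#     state: enabled
#   when: "'swarm' in vm_roles"

# Apply the permanent target/port changes. A reload is the documented way to
# activate permanent config and avoids the brief filtering gap of a full
# service restart; the service is already enabled by the first task.
# NOTE(review): depending on the firewalld backend, a reload or restart can
# flush the iptables chains Docker maintains — verify on a test node that
# Docker-published ports still work after this step.
- name: Reload firewalld to apply the new rules
  ansible.builtin.command: firewall-cmd --reload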