
---
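- name: Enable and start firewalld
  ansible.builtin.systemd:
    name: firewalld
    enabled: true
    state: started

# Bind each interface to its zone. `core`, `mgmt` and `dmz` are custom zones
# (firewalld does not ship them) and nothing in this file creates them — this
# assumes they are defined earlier in the play or baked into the image; the
# task fails on an unknown zone. `immediate: true` applies the binding to the
# running firewall as well as the permanent config, so an interface is not
# left sitting in the default zone until the next reload.
- name: Assign interfaces to firewalld zones
  ansible.posix.firewalld:
    interface: "{{ item.interface }}"
    zone: "{{ item.zone }}"
    state: enabled
    permanent: true
    immediate: true
  loop:
    - { interface: ens18, zone: core }
    - { interface: ens19, zone: mgmt }
    - { interface: ens20, zone: dmz }

# Left disabled as in the original. Note the consequence: the default zone is
# whatever firewalld shipped (normally `public`, which admits ssh and
# dhcpv6-client), and any interface NOT listed above lands there. Set the
# default explicitly if that is not the intent.
# - name: Set core to default
#   ansible.builtin.command: firewall-cmd --set-default-zone=core

# Re-read the permanent config into the running firewall. This is a plain
# command, so it reports `changed` on every run; a handler would be the
# idempotent form.
- name: Reload firewalld to apply changes
  ansible.builtin.command: firewall-cmd --reload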
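# Zone target DROP: anything arriving on the dmz interface that no service or
# port rule in the zone allows is silently discarded (no REJECT, so no ICMP
# reply to the sender). The zone target is a permanent-only setting and only
# becomes live at the next firewalld reload. Nothing in this file opens any
# port in `dmz`, so once reloaded the zone admits nothing — assumes the dmz
# allowances are managed elsewhere; confirm before relying on it.
# Uses ansible.posix.firewalld directly rather than the ansible.builtin.*
# name, which only works through ansible-core's redirect to the same module.
- name: DROP all traffic on dmz by default
  ansible.posix.firewalld:
    zone: dmz
    target: DROP
    permanent: true
    state: enabled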
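################ SWARM SETUP ################
# Docker Swarm control- and data-plane ports, only on hosts whose vm_roles
# contains `swarm`. Each rule opens the port to every host in that zone, not
# just to swarm peers; if the zones also carry non-swarm hosts, restrict the
# source with rich rules to the node addresses instead. 4789/udp carries the
# VXLAN overlay, which is plaintext unless the overlay network was created
# with `--opt encrypted` — TODO confirm how the overlays are created.
# `immediate: true` makes each rule live at once; the permanent copy is what
# survives a reload.
- name: Open Docker Swarm ports
  ansible.posix.firewalld:
    zone: "{{ item.zone }}"
    port: "{{ item.port }}"
    permanent: true
    immediate: true
    state: enabled
  loop:
    - { zone: mgmt, port: 2377/tcp }   # manager inbound (cluster management)
    - { zone: core, port: 7946/tcp }   # node discovery
    - { zone: mgmt, port: 7946/tcp }   # node discovery
    - { zone: core, port: 7946/udp }   # node discovery
    - { zone: mgmt, port: 7946/udp }   # node discovery
    - { zone: core, port: 4789/udp }   # overlay network data plane (VXLAN)
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"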
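############# Docker Services ###########
# Published service ports on the core zone, only on swarm hosts. The original
# listed 80/tcp twice; the duplicate is dropped (same end state).
#
# 2019/tcp is Caddy's admin API. Caddy binds it to localhost by default and
# it is unauthenticated: anyone who can reach it can replace the running
# config. Opening it zone-wide therefore only matters — and is only
# dangerous — if the Caddy container/host binds the admin listener to a
# routable address. Confirm that it must be reachable from the core zone at
# all; if so, limit it to the admin hosts with a rich rule rather than a
# bare port rule.
- name: Open Docker stack service ports on core
  ansible.posix.firewalld:
    zone: core
    port: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  loop:
    - 9443/tcp   # Portainer UI (HTTPS)
    - 8080/tcp   # nginx stack
    - 443/tcp    # Caddy HTTPS
    - 80/tcp     # Caddy HTTP
    - 2019/tcp   # Caddy admin API — see note above
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"

# Portainer agent port, kept disabled as in the original.
# - name: Open Portainer env port 9001/tcp
#   ansible.posix.firewalld:
#     zone: core
#     port: 9001/tcp
#     permanent: true
#     state: enabled
#   when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"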
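# Apply the permanent rules above to the running firewall. A reload (SIGHUP
# to firewalld) re-reads the permanent config while keeping state; the
# original used `restarted`, which stops the daemon and tears the whole
# ruleset down before rebuilding it — a brief window with no policy, and,
# depending on the firewalld backend, it can also wipe rules Docker installed
# outside firewalld until dockerd recreates them (TODO confirm for this
# environment). `enabled: true` is kept so the unit stays on at boot.
- name: Reload firewalld to apply permanent rules
  ansible.builtin.systemd_service:
    name: firewalld
    state: reloaded
    enabled: true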