44 lines
1.0 KiB
YAML
44 lines
1.0 KiB
YAML
---
|
|
- name: Enable and start firewalld
|
|
ansible.builtin.systemd:
|
|
name: firewalld
|
|
enabled: yes
|
|
state: started
|
|
|
|
- name: Assign interface ens18 to core zone
|
|
ansible.posix.firewalld:
|
|
interface: ens18
|
|
zone: core
|
|
state: enabled
|
|
permanent: true
|
|
|
|
- name: Assign interface ens19 to mgmt zone
|
|
ansible.posix.firewalld:
|
|
interface: ens19
|
|
zone: mgmt
|
|
state: enabled
|
|
permanent: true
|
|
|
|
- name: Assign interface ens20 to dmz zone
|
|
ansible.posix.firewalld:
|
|
interface: ens20
|
|
zone: dmz
|
|
state: enabled
|
|
permanent: true
|
|
|
|
- name: Set core to default
|
|
ansible.builtin.command: firewall-cmd --set-default-zone=core --permanent
|
|
|
|
- name: Remove ens18 from public
|
|
ansible.builtin.command: firewall-cmd --zone=public --remove-interface=ens18 --permanent
|
|
|
|
- name: Assign interface ens18 to "internal" zone
|
|
ansible.posix.firewalld:
|
|
interface: ens18
|
|
zone: internal
|
|
state: enabled
|
|
permanent: true
|
|
|
|
- name: Reload firewalld to apply changes
|
|
ansible.builtin.command: firewall-cmd --reload
|