
---
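- name: Enable and start firewalld
  # Same module name as the restart task at the end of this file (both
  # resolve to the systemd module). `enabled: yes` is a YAML 1.1 truthy
  # value that yamllint/ansible-lint reject; write the canonical boolean.
  ansible.builtin.systemd_service:
    name: firewalld
    enabled: true
    state: started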
# Bind ens18 to the core zone. Only the permanent configuration is written
# here (no immediate: true), so the running firewall picks this up at the
# "Reload firewalld to apply changes" task further down.
- name: Assign interface ens18 to core zone
  ansible.posix.firewalld:
    zone: core
    interface: ens18
    permanent: true
    state: enabled
    # masquerade: true
# Bind ens19 to the mgmt zone. Permanent configuration only; applied to
# the running firewall by the reload task below.
- name: Assign interface ens19 to mgmt zone
  ansible.posix.firewalld:
    zone: mgmt
    interface: ens19
    permanent: true
    state: enabled
    # masquerade: true
# Bind ens20 to the dmz zone. Permanent configuration only; applied to
# the running firewall by the reload task below. The dmz zone's default
# target is not set anywhere in this file (the DROP task is commented out).
- name: Assign interface ens20 to dmz zone
  ansible.posix.firewalld:
    zone: dmz
    interface: ens20
    permanent: true
    state: enabled
    # masquerade: true
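# - name: Set core to default
#   ansible.builtin.command: firewall-cmd --set-default-zone=core
- name: Reload firewalld to apply changes
  # The interface-to-zone tasks above write only the permanent
  # configuration (permanent: true, no immediate: true), so the running
  # firewall does not see them until this reload. The command always
  # changes runtime state; state that explicitly so ansible-lint's
  # no-changed-when rule is satisfied instead of left unanswered.
  ansible.builtin.command: firewall-cmd --reload
  changed_when: true
# - name: DROP all traffic on dmz by default
#   ansible.builtin.firewalld:
#     zone: dmz
#     target: "DROP"
#     permanent: true
#     state: enabled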
################ SWARM SETUP ################
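- name: Open Docker Swarm manager inbound port 2377/tcp
  # Use the same module as the interface tasks above: firewalld lives in
  # the ansible.posix collection, and ansible.builtin.firewalld only works
  # through ansible-core's compatibility redirect to it.
  ansible.posix.firewalld:
    zone: mgmt
    port: 2377/tcp
    permanent: true
    state: enabled
  # Manager-only: the cluster management port is limited to hosts that
  # carry the swarm_manager role.
  when: "'swarm_manager' in hostvars[inventory_hostname]['vm_roles']"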
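# Node discovery (7946/tcp) is opened in both the core and mgmt zones on
# every host with the swarm role. Module name aligned with the interface
# tasks above (ansible.posix.firewalld); ansible.builtin.firewalld only
# resolves through a compatibility redirect.
- name: Open Docker Swarm data overlay node discovery port 7946/tcp
  ansible.posix.firewalld:
    zone: core
    port: 7946/tcp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"
- name: Open Docker Swarm mgmt overlay node discovery port 7946/tcp
  ansible.posix.firewalld:
    zone: mgmt
    port: 7946/tcp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"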
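# Node discovery (7946/udp), core and mgmt zones, swarm hosts only.
# Module name aligned with the interface tasks above.
- name: Open Docker Swarm core overlay node discovery port 7946/udp
  ansible.posix.firewalld:
    zone: core
    port: 7946/udp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"
- name: Open Docker Swarm mgmt overlay node discovery port 7946/udp
  ansible.posix.firewalld:
    zone: mgmt
    port: 7946/udp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"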
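# Overlay (VXLAN) traffic on 4789/udp, core and mgmt zones. Both tasks are
# now gated on the swarm role: the mgmt variant previously had no `when`
# and opened the port on every host in the play, unlike every other Swarm
# rule in this file. Module name aligned with the interface tasks above.
- name: Open Docker Swarm overlay network traffic 4789/udp
  ansible.posix.firewalld:
    zone: core
    port: 4789/udp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"
- name: Open Docker Swarm overlay network traffic 4789/udp on mgmt
  ansible.posix.firewalld:
    zone: mgmt
    port: 4789/udp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"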
############# Docker Services ###########
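# Service ports below carry no `zone:` (the zone: core line is commented
# out), so each rule lands in firewalld's default zone. With the
# "Set core to default" task also commented out, that is whatever the
# host's current default zone is.
# NOTE(review): every other rule in this file pins a zone explicitly;
# confirm the default zone is the intended one for these services.
# Module name aligned with the interface tasks above.
- name: Open Docker Stack portainer 9443/tcp
  ansible.posix.firewalld:
    # zone: core
    port: 9443/tcp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"
- name: Open Docker Stack nginx 8080/tcp
  ansible.posix.firewalld:
    # zone: core
    port: 8080/tcp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"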
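# Caddy listeners. No `zone:` is given (the zone: core line is commented
# out), so these rules land in firewalld's default zone, whatever that
# currently is on the host. Module name aligned with the interface tasks
# above.
- name: Open Caddy 4443/tcp
  ansible.posix.firewalld:
    # zone: core
    port: 4443/tcp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"
- name: Open Caddy 4443/udp
  ansible.posix.firewalld:
    # zone: core
    port: 4443/udp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"
- name: Open Caddy 4080/tcp
  ansible.posix.firewalld:
    # zone: core
    port: 4080/tcp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"
# NOTE(review): 2019/tcp is Caddy's default admin API port, which Caddy
# itself binds to localhost unless configured otherwise. Confirm that
# reaching it from outside the host is really intended before keeping this
# rule; an administrative endpoint normally stays closed at the firewall.
- name: Open Caddy 2019/tcp
  ansible.posix.firewalld:
    # zone: core
    port: 2019/tcp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"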
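# Application ports, default zone (zone: core is commented out), swarm
# hosts only. Module name aligned with the interface tasks above.
- name: Open FlowTodo 4000/tcp
  ansible.posix.firewalld:
    # zone: core
    port: 4000/tcp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"
- name: Open DumbWhois 3000/tcp
  ansible.posix.firewalld:
    # zone: core
    port: 3000/tcp
    permanent: true
    state: enabled
  when: "'swarm' in hostvars[inventory_hostname]['vm_roles']"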
# Final restart so the permanent rules added above reach the running
# firewall. This runs on every play, not only when a rule changed;
# a handler notified by the firewalld tasks would be the idiomatic form.
- name: Restart firewalld service
  ansible.builtin.systemd_service:
    name: firewalld
    enabled: true
    state: restarted