- Learning Ansible 2.7(Third Edition)
- Fabio Alessandro Locati
- 221字
- 2021-06-24 15:08:44
Ensuring that FirewallD is present and enabled
As you can imagine, the first step is to ensure that FirewallD is installed:
- name: Ensure FirewallD is installed
yum:
name: firewalld
state: present
become: True
Since we want to be sure that we will not lose our SSH connection when we enable FirewallD, we will ensure that SSH traffic can always pass through it:
- name: Ensure SSH can pass the firewall
firewalld:
service: ssh
state: enabled
permanent: True
immediate: True
become: True
To do so, we have used the firewalld module. This module will take parameters that are very similar to the ones the firewall-cmd console would use. You will have to specify the service that is to be authorized to pass the firewall, whether you want this rule to apply immediately or not, and whether or not you want the rule to be permanent, so that after a reboot the rule will still be present.
Now that we have installed FirewallD and we are sure that our SSH connection will survive, we can enable it as we do any other service:
- name: Ensure FirewallD is running
service:
name: firewalld
state: started
enabled: True
become: True