---
# Install the firewalld package through apt (state: present = install if absent,
# never upgrade).
- name: Installation de firewalld
  ansible.builtin.apt:
    name: firewalld
    state: present
# Bind interface enp0s3 to the firewalld zone `external`.
# NOTE(review): only `permanent` is set (no `immediate`), so this presumably
# changes the saved configuration only; confirm that a firewalld reload or
# restart follows before relying on the zone assignment.
- name: affectation de l'interface enp0s3 a la zone external
  ansible.posix.firewalld:
    interface: enp0s3
    zone: external
    state: enabled
    permanent: true
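# Bind interface enp0s8 to the firewalld zone `internal`.
# The task name previously said "external" although the module argument is
# `zone: internal`; the name is corrected so that play output and audit logs
# match the zone that is actually configured.
# NOTE(review): only `permanent` is set (no `immediate`), so this presumably
# changes the saved configuration only; confirm that a firewalld reload or
# restart follows before relying on the zone assignment.
- name: affectation de l'interface enp0s8 a la zone internal
  ansible.posix.firewalld:
    interface: enp0s8
    zone: internal
    state: enabled
    permanent: true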
# Enable a fixed list of firewalld services in the `internal` zone, one module
# call per service. `permanent` + `immediate` writes the saved configuration and
# the running firewall in the same run.
# NOTE(review): each entry must be a service name known to the firewalld
# version on the target; confirm that `rdp` is defined there.
- name: FirewallD rules pour la zone internal
  ansible.posix.firewalld:
    zone: internal
    service: "{{ item }}"
    state: enabled
    permanent: true
    immediate: true
  loop:
    - http
    - https
    - dns
    - ssh
    - rdp
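# Enable the ssh and rdp services in the `external` zone, in both the saved
# configuration (`permanent`) and the running firewall (`immediate`).
# The task name previously repeated "zone internal" from the task above while
# the module argument is `zone: external`; the name is corrected so the two
# tasks can be told apart in play output and logs.
# NOTE(review): this file binds enp0s3 to `external`, so SSH and RDP become
# reachable from whatever network that interface faces. Confirm that remote
# administration from that side is intended; if it is, limiting the allowed
# source addresses (or requiring a VPN/bastion) narrows the exposure.
# NOTE(review): confirm that `rdp` is a service name defined by the firewalld
# version on the target.
- name: FirewallD rules pour la zone external
  ansible.posix.firewalld:
    zone: external
    service: "{{ item }}"
    state: enabled
    permanent: true
    immediate: true
  loop:
    - ssh
    - rdp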
# - ansible.posix.firewalld:
#     zone: internal
#     service: http
#     permanent: true
#     state: enabled

# - ansible.posix.firewalld:
#     zone: internal
#     service: dns
#     permanent: true
#     state: enabled

# - ansible.posix.firewalld:
#     zone: internal
#     service: ssh
#     permanent: true
#     state: enabled

# - ansible.posix.firewalld:
#     zone: internal
#     service: rdp
#     permanent: true
#     state: enabled
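# Open TCP port 8080 in the `internal` zone.
# A task name is added (the task was unnamed) so the rule is identifiable in
# play output; the port value is quoted so it is always read as a string.
# NOTE(review): only `permanent` is set (no `immediate`), so the port is
# presumably not open in the running firewall until firewalld reloads; confirm
# that a reload or restart follows.
- name: Ouverture du port 8080/tcp dans la zone internal
  ansible.posix.firewalld:
    zone: internal
    port: "8080/tcp"
    permanent: true
    state: enabled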
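# Open TCP port 3389 in the `external` zone.
# A task name is added (the task was unnamed) so the rule is identifiable in
# play output; the port value is quoted so it is always read as a string.
# NOTE(review): 3389/tcp is the usual RDP port and an earlier task in this file
# already enables the `rdp` service in `external`; confirm whether both rules
# are needed, and whether RDP should be reachable from the external side at
# all without a source-address restriction.
# NOTE(review): only `permanent` is set (no `immediate`), so the port is
# presumably not open in the running firewall until firewalld reloads.
- name: Ouverture du port 3389/tcp dans la zone external
  ansible.posix.firewalld:
    zone: external
    port: "3389/tcp"
    permanent: true
    state: enabled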
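# Forward incoming TCP 3389 to 192.168.99.6:3389.
# `permanent: true` is added: the original task set only `immediate`, which
# gives a runtime-only rule that is dropped when firewalld reloads or the host
# reboots, while every other rule in this file is written to the permanent
# configuration. A task name is added as well (the task was unnamed).
# NOTE(review): no `zone` is given, so the module applies the forward to
# firewalld's default zone. The interfaces in this file are bound to `external`
# and `internal`; confirm which zone the forward belongs in and set `zone:`
# explicitly.
# NOTE(review): this publishes the RDP port of 192.168.99.6 through this host;
# confirm the exposure is intended and consider restricting source addresses.
- name: Redirection du port 3389/tcp vers 192.168.99.6
  ansible.posix.firewalld:
    port_forward:
      - port: 3389
        proto: tcp
        toaddr: "192.168.99.6"
        toport: 3389
    state: enabled
    permanent: true
    immediate: true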