ansible/playbooks/firewalld/firewalld.yaml

---
- name: "Install & Configure Firewalld"
  hosts: all

  tasks:
# Setup correct Firewall
  - name: "Stop and disable ufw"
    ansible.builtin.service:
      name: "ufw"
      state: stopped
      enabled: no
    become: True
  - name: "Remove ufw"
    ansible.builtin.package:
      name: "ufw"
      state: "absent"
    become: True
  - name: "Install & Update firewalld"
    ansible.builtin.package:
      name: "firewalld"
      state: "latest"
    become: True
  - name: "Start and enable firewalld"
    ansible.builtin.service:
      name: "firewalld"
      state: "started"
      enabled: yes
# Create Firewall Rules loaded from external Playbooks
  - name: "Create Firewall Rules for any Node"
    import_playbook: all.rules.firewalld.yaml
# Create Firewall Rules for Groups loaded from external Playbooks
  - name: "Create Firewall Rules for Servers"
    import_playbook: servers.rules.firewalld.yaml
  - name: "Create Firewall Rules for RPIS"
    import_playbook: rpis.rules.firewalld.yaml
# Create Firewall Rules for specific Hosts loaded from external Playbooks
  - name: "Create Firewall Rules for srvdoc01"
    import_playbook: srvdoc01.rul0es.firewalld.yaml
# Reload Firewall to activate new Rules
  - name: "Reload Firewall Rules"
    ansible.builtin.command:
      cmd: "firewall-cmd --reload"
# Due to security Conditions Fail2ban gets installed too
  - name: "Install Fail2ban with custom Ansible-Playbook"
    import_playbook: ../prod/fail2ban.yaml
...
Initial Push of scraped playbooks 2021-12-06 09:45:41 +01:00			`---`
			`- name: "Install & Configure Firewalld"`
			`hosts: all`

			`tasks:`
			`# Setup correct Firewall`
			`- name: "Stop and disable ufw"`
			`ansible.builtin.service:`
			`name: "ufw"`
			`state: stopped`
			`enabled: no`
			`become: True`
			`- name: "Remove ufw"`
			`ansible.builtin.package:`
			`name: "ufw"`
			`state: "absent"`
			`become: True`
			`- name: "Install & Update firewalld"`
			`ansible.builtin.package:`
			`name: "firewalld"`
			`state: "latest"`
			`become: True`
			`- name: "Start and enable firewalld"`
			`ansible.builtin.service:`
			`name: "firewalld"`
			`state: "started"`
			`enabled: yes`
			`# Create Firewall Rules loaded from external Playbooks`
			`- name: "Create Firewall Rules for any Node"`
			`import_playbook: all.rules.firewalld.yaml`
			`# Create Firewall Rules for Groups loaded from external Playbooks`
			`- name: "Create Firewall Rules for Servers"`
			`import_playbook: servers.rules.firewalld.yaml`
			`- name: "Create Firewall Rules for RPIS"`
			`import_playbook: rpis.rules.firewalld.yaml`
			`# Create Firewall Rules for specific Hosts loaded from external Playbooks`
			`- name: "Create Firewall Rules for srvdoc01"`
			`import_playbook: srvdoc01.rul0es.firewalld.yaml`
			`# Reload Firewall to activate new Rules`
			`- name: "Reload Firewall Rules"`
			`ansible.builtin.command:`
			`cmd: "firewall-cmd --reload"`
			`# Due to security Conditions Fail2ban gets installed too`
			`- name: "Install Fail2ban with custom Ansible-Playbook"`
			`import_playbook: ../prod/fail2ban.yaml`
			`...`