---
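# Play 1: swap the host firewall from ufw to firewalld on every node.
# Ordering matters for security: ufw is stopped *before* firewalld is
# installed and started, so between those tasks the host runs without a
# host firewall. Once firewalld is up, only its default zone applies until
# the imported rule playbooks below and the final reload play have run.
- name: "Install & Configure Firewalld"
  hosts: all
  tasks:
    # Collect the systemd unit list so the ufw tasks can be skipped on hosts
    # where ufw is already gone (e.g. every run after the first). Without
    # this guard the service module fails on an unknown unit and the play
    # stops being idempotent.
    - name: "Gather service facts"
      ansible.builtin.service_facts:
      become: true

    - name: "Stop and disable ufw"
      ansible.builtin.service:
        name: "ufw"
        state: stopped
        enabled: false
      become: true
      when: "'ufw.service' in ansible_facts.services"

    - name: "Remove ufw"
      ansible.builtin.package:
        name: "ufw"
        state: "absent"
      become: true

    # NOTE(review): state "latest" upgrades firewalld on every run, which makes
    # runs non-reproducible; "present" plus the normal patch cycle is the
    # usual choice. Kept as in the original.
    - name: "Install & Update firewalld"
      ansible.builtin.package:
        name: "firewalld"
        state: "latest"
      become: true

    # Starting/enabling a system service needs root; every sibling task
    # already escalates, this one was missing it.
    - name: "Start and enable firewalld"
      ansible.builtin.service:
        name: "firewalld"
        state: "started"
        enabled: true
      become: true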
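# Firewall rules shared by every node, loaded from an external playbook.
# import_playbook is static: the file is resolved at parse time, relative to
# this playbook's directory, and the imported play chooses its own hosts.
- name: "Create Firewall Rules for any Node"
  ansible.builtin.import_playbook: all.rules.firewalld.yaml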
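# Group-specific rules, loaded from external playbooks. Play order is the
# rule-layering order: generic rules first, then per-group, then per-host.
# NOTE(review): presumably each file targets its own inventory group
# (servers, rpis) rather than "all" — verify inside the imported files.
- name: "Create Firewall Rules for Servers"
  ansible.builtin.import_playbook: servers.rules.firewalld.yaml

- name: "Create Firewall Rules for RPIS"
  ansible.builtin.import_playbook: rpis.rules.firewalld.yaml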
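# Host-specific rules, loaded from an external playbook. The file name follows
# the <target>.rules.firewalld.yaml convention used by the other rule
# playbooks; the previous "rul0es" spelling would fail at parse time.
- name: "Create Firewall Rules for srvdoc01"
  ansible.builtin.import_playbook: srvdoc01.rules.firewalld.yaml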
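# Reload firewalld so rules that the imported playbooks wrote to the permanent
# configuration become active in the running firewall. This has to be its own
# play: a task cannot sit at play level next to import_playbook entries, and
# it needs a hosts list and privilege escalation of its own.
# NOTE(review): if the rule playbooks already apply rules with immediate: true
# this reload is redundant — confirm in the imported files.
- name: "Reload Firewall Rules"
  hosts: all
  become: true
  tasks:
    - name: "Reload firewalld runtime config from permanent config"
      ansible.builtin.command:
        cmd: "firewall-cmd --reload"
      # A reload is always reported as "changed" by the command module;
      # mark it unchanged so it does not hide real changes in run output.
      changed_when: false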
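# Fail2ban is installed last, from a playbook shared with the prod tree, so
# the firewall is already configured when it starts.
# NOTE(review): presumably its ban action pushes into firewalld, which is why
# it runs after the reload — confirm in ../prod/fail2ban.yaml.
- name: "Install Fail2ban with custom Ansible-Playbook"
  ansible.builtin.import_playbook: ../prod/fail2ban.yaml
...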