Hello,
In our company we want to allow central firewall management; all of the Ansible code is in Git. So the idea is to add a role where we define per host or host group which rules are applicable.
When the role is added / executed on the host it should check if any rules are applicable.
We are using AWX to do the scheduled checking.
Is there any existing module that does such a thing?
I tried to fiddle around with it but can't get it to work for multiple hosts. Below is my attempt:
handlers\main.yml
---
- name: Reload Firewall
  ansible.builtin.service:
    name: firewalld
    state: reloaded
tasks\main.yml
---
- name: Create Firewall rules XML files for each server
  ansible.builtin.template:
    # Inside a role, src is resolved relative to the role's templates/ directory
    src: "firewall_rules.xml.j2"
    dest: "/etc/firewalld/services/{{ item.key }}.xml"
    mode: "0600"
  loop: "{{ firewall_ports | dict2items }}"
  when: item.key == inventory_hostname
  notify: Reload Firewall

# Handlers normally run at the end of the play, so without this flush the
# firewalld task below fails with INVALID_SERVICE: the running daemon does
# not know the freshly written service file until it has been reloaded.
- name: Reload firewalld now so the new service definition is known
  ansible.builtin.meta: flush_handlers

- name: Ensure firewall rules are loaded and applied
  ansible.posix.firewalld:
    service: "{{ item.key }}"
    state: enabled
    permanent: true
    immediate: true
  loop: "{{ firewall_ports | dict2items }}"
  when: item.key == inventory_hostname
  notify: Reload Firewall
templates\firewall_rules.xml.j2
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>{{ item.key }} Rules</short>
  <description>Firewall rules for {{ item.key }}</description>
{% for port in item.value %}
  <port protocol="{{ port.split('/')[1] }}" port="{{ port.split('/')[0] }}"/>
{% endfor %}
</service>
vars\main.yml
---
# vars file for firewall-management
# Note: a role's vars/ has a higher precedence than inventory group_vars/host_vars,
# so values placed here cannot be overridden per inventory; use defaults/ for that.
firewall_ports:
  alain-test:
    - 443/tcp
    - 25/tcp
  NETBOX-01:
    - 80/tcp
    - 443/tcp
    - 25/tcp
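As an added example (not the poster's role, and not part of the original post), here is one self-contained playbook that does what the post asks for: a single central definition keyed by host or by host group, the applicable ports computed per host from that definition, the port specs validated before anything is written, the firewalld service file written, firewalld reloaded before the service is referenced, and the service enabled in a zone. The hostnames, group names, the `firewall_rules` / `firewall_zone` variable names and the `public` zone are assumptions; the service name is sanitised to letters, digits, `_` and `-` because firewalld rejects other characters in service names.

```yaml
---
# Added example: central firewalld management from one rules dictionary.
# Hostnames, group names and variable names below are hypothetical.
- name: Central firewalld rule management
  hosts: all
  become: true
  vars:
    firewall_zone: public
    firewall_rules:
      hosts:                      # keys must match inventory_hostname exactly
        alain-test: [443/tcp, 25/tcp]
        NETBOX-01: [80/tcp, 443/tcp, 25/tcp]
      groups:                     # keys are inventory group names
        webservers: [80/tcp, 443/tcp]
        mailrelays: [25/tcp]

  tasks:
    - name: Work out the ports for this host (host entry plus every group it belongs to)
      ansible.builtin.set_fact:
        effective_ports: >-
          {{ ((firewall_rules.hosts[inventory_hostname] | default([]))
              + (group_names
                 | select('in', firewall_rules.groups | default({}))
                 | map('extract', firewall_rules.groups | default({}))
                 | flatten))
             | unique }}
        # firewalld only accepts [A-Za-z0-9_-] in service names, so sanitise the hostname
        fw_service_name: "{{ inventory_hostname | regex_replace('[^A-Za-z0-9_-]', '_') }}"

    - name: Refuse malformed entries before they reach firewalld
      ansible.builtin.assert:
        that:
          - item is match('^[0-9]{1,5}(-[0-9]{1,5})?/(tcp|udp|sctp|dccp)$')
        fail_msg: "Bad port spec '{{ item }}' for {{ inventory_hostname }}; expected e.g. 443/tcp"
      loop: "{{ effective_ports }}"

    - name: Write the per-host firewalld service definition
      ansible.builtin.copy:
        dest: "/etc/firewalld/services/{{ fw_service_name }}.xml"
        owner: root
        group: root
        mode: "0644"
        content: |
          <?xml version="1.0" encoding="utf-8"?>
          <service>
            <short>{{ fw_service_name }}</short>
            <description>Managed by Ansible for {{ inventory_hostname }}; do not edit by hand</description>
          {% for spec in effective_ports %}
            <port protocol="{{ spec.split('/')[1] }}" port="{{ spec.split('/')[0] }}"/>
          {% endfor %}
          </service>
      when: effective_ports | length > 0
      notify: Reload firewalld

    # Without this the next task fails with INVALID_SERVICE on a first run:
    # the running daemon has not read the new service file yet.
    - name: Reload firewalld now so the new service is known before it is referenced
      ansible.builtin.meta: flush_handlers

    - name: Enable the per-host service in the zone (runtime and permanent)
      ansible.posix.firewalld:
        zone: "{{ firewall_zone }}"
        service: "{{ fw_service_name }}"
        state: enabled
        permanent: true
        immediate: true
      when: effective_ports | length > 0

  handlers:
    - name: Reload firewalld
      ansible.builtin.service:
        name: firewalld
        state: reloaded
```

Hosts that appear in neither the `hosts` nor the `groups` part of the dictionary end up with an empty `effective_ports` list and skip the write and enable steps, so the role can be applied to every host from AWX on a schedule. Because the service file is rewritten from the dictionary on every run, removing a port from the central definition also removes it from the host on the next run, which is the drift check the post is after.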