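---
# Example firewalld configuration for an OpenShift-style host.
#
# This list of ports was taken from:
# https://github.com/openshift/enhancements/blob/master/dev-guide/host-port-registry.md
#
# These tasks are intended as an example. The registry covers every component
# that may listen on a host, so trim the lists below to the services this host
# actually runs before applying it to anything reachable from a network.
- hosts: localhost
  tasks:
    - name: Enable service firewalld
      systemd:
        name: firewalld
        # Plain YAML booleans instead of `yes`: same value for Ansible, but
        # unambiguous for YAML 1.2 parsers and linters.
        enabled: true

    # The next two tasks can be verified by: `sudo firewall-cmd --list-all`
    - name: Open tcp ports
      firewalld:
        # Offline needed as these tasks will be running in a container build
        # which does not have the service running. With `permanent` and no
        # `immediate`, only the saved configuration is written; the rules
        # take effect when firewalld starts.
        offline: true
        port: "{{ item }}/tcp"
        permanent: true
        state: enabled
      # Single ports are YAML integers, ranges (`6180-6181`) are plain strings;
      # both render identically inside the `port` template above.
      loop:
        - 80
        - 443
        - 1936
        - 2041
        - 2379
        - 2380
        - 3306
        - 5050
        - 6080
        - 6180-6181
        - 6183
        - 6385
        - 6443
        - 8089
        - 9001
        - 9100-9103
        - 9105-9106
        - 9120-9122
        - 9200-9219
        - 9258
        - 9444-9447
        - 9537
        - 9641-9644
        - 9978-9979
        - 10010
        - 10250-10251
        - 10255-10259
        - 10263
        - 10357
        - 10443-10444
        - 17697
        - 22623-22624
        - 60000

    - name: Open udp ports
      firewalld:
        # Offline needed as these tasks will be running in
        # a container build which does not have the service running.
        offline: true
        port: "{{ item }}/udp"
        permanent: true
        state: enabled
      loop:
        - 500
        - 4500
        - 4789
        - 6081
        - 9122

    # These next two tasks can be verified by:
    # `sudo firewall-cmd --list-all --zone trusted`
    - name: Add localhost to trusted zone
      # `command` cannot tell whether the interface was already bound, so this
      # task reports "changed" on every run; `firewall-offline-cmd` is used
      # because the firewalld service is not running during the build.
      command: "firewall-offline-cmd --zone=trusted --add-interface=lo"

    # NOTE(review): the trusted zone accepts all traffic on its interfaces, so
    # once `lo` is bound to it the port list below does not further restrict
    # loopback traffic; it mainly documents which local services are expected.
    - name: Open tcp ports for localhost
      firewalld:
        zone: trusted
        offline: true
        port: "{{ item }}/tcp"
        permanent: true
        state: enabled
      loop:
        - 4180
        - 8797
        - 9259
        - 9260
        - 9443
        - 9977
        - 10248
        - 10300-10303
        - 11443
        - 20000
        - 29100-29103
        - 29105
        - 29150-29151
        - 29445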