@UnderGrounder96
Created April 29, 2021 08:04
Deprive access to the server using firewalld (and flush iptables)
---
# Sample run: ansible-playbook -i 127.0.0.1, firewalld_config.yml
- hosts: all
  name: Setup and configure firewalld
  gather_facts: false
  # connection: local
  become: true # perform this play as root
  user: root
  vars:
    network_ip_list:
      # placeholder: replace with the network(s) that get unrestricted access;
      # sources in the trusted zone bypass all other filtering
      - "127.0.0.1/24"
  tasks:
    - name: Install firewalld
      yum: name=firewalld state=latest
    - name: Enable and ensure firewalld is running
      service: name=firewalld state=started enabled=yes
    - name: Set firewalld to accept all incoming requests from network_ip_list
      firewalld:
        zone: trusted
        source: "{{ item }}"
        permanent: yes
        immediate: yes
        state: enabled
      loop: "{{ network_ip_list }}"
    - name: Set firewalld to add loopback interface to trusted zone
      firewalld:
        zone: trusted
        interface: lo
        permanent: yes
        immediate: yes
        state: enabled
    - name: Set firewalld to deny all (external) ssh connections
      firewalld:
        service: ssh
        zone: "{{ item }}"
        permanent: yes
        immediate: yes
        state: disabled
      loop:
        - external
        # - public # assumed as default zone
    - name: Set firewalld to enable masquerade in the default zone
      firewalld:
        masquerade: enable
        state: enabled
        permanent: yes # runtime state is picked up by the reload below
    - name: Reload firewalld service
      systemd:
        name: firewalld
        state: reloaded

#!/usr/bin/env bash
# docs
# https://docs.docker.com/network/iptables/
# https://firewalld.org/documentation/man-pages/firewall-cmd.html
rm -rf /etc/firewalld/zones # drops all custom zone definitions; defaults are regenerated from /usr/lib/firewalld/zones on reload
iptables -F # flushes all chains
iptables -X # deletes user-defined chains
iptables -Z # zeroes chain counters
systemctl reload firewalld # equivalent to: firewall-cmd --reload
#reboot
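As an added check that is not part of the gist: a small Python script that parses `firewall-cmd --list-all-zones` output and verifies the end state the playbook above intends (trusted zone holds the network sources and `lo`, external zone no longer offers ssh, default zone masquerades). The dump is a constructed sample; `192.0.2.0/24` standing in for `network_ip_list` and `public` as the default zone are assumptions.

```python
from typing import Dict, List

# Constructed sample of `firewall-cmd --list-all-zones` output as it should look after
# the playbook ran; 192.0.2.0/24 (a documentation range) stands in for network_ip_list.
SAMPLE_DUMP = """\
external
  interfaces:
  sources:
  services:
  masquerade: yes

public (active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  masquerade: yes

trusted (active)
  interfaces: lo
  sources: 192.0.2.0/24
  services:
  masquerade: no
"""

def parse_zones(dump: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {zone: {field: [tokens]}} from a --list-all-zones dump."""
    zones: Dict[str, Dict[str, List[str]]] = {}
    current = None
    for line in dump.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):  # zone header, e.g. "public (active)"
            current = line.split()[0]
            zones[current] = {}
        elif current is not None:  # indented "field: value value ..." line
            key, _, value = line.strip().partition(":")
            zones[current][key.strip()] = value.split()
    return zones

def check_policy(zones, trusted_sources, default_zone="public") -> List[str]:
    """Return findings where the live state deviates from the playbook's intent."""
    findings = []
    trusted, external = zones.get("trusted", {}), zones.get("external", {})
    for src in trusted_sources:  # these networks bypass all filtering, so they must be exact
        if src not in trusted.get("sources", []):
            findings.append(f"trusted zone is missing source {src}")
    if "lo" not in trusted.get("interfaces", []):
        findings.append("loopback interface lo is not in the trusted zone")
    if "ssh" in external.get("services", []):
        findings.append("ssh is still allowed in the external zone")
    if zones.get(default_zone, {}).get("masquerade") != ["yes"]:
        findings.append(f"masquerade is not enabled in default zone {default_zone}")
    return findings
```

Feed it the real output with `firewall-cmd --list-all-zones > zones.txt` and call `check_policy(parse_zones(open("zones.txt").read()), network_ip_list)`; an empty list means the host matches the playbook.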