Last active
May 14, 2018 02:49
-
-
Save linux-modder/0c4a3b2cb78c02007711db889001e30e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: Set defaults for firewall # (For security purposes,reject anything not started by an internal connection, only allow via service/port) | |
| firewalld: | |
| enabled: true | |
| become: true | |
| command: firewall-cmd --set-default-zone=drop --permanent | |
| command: firewall-cmd --add-interface={eth0,lo,docker0} --permanent | |
| command: firewall-cmd --add-services={ssh,cockpit,mosh,git,jenkins,kerberos,ldaps,squid,rsyncd} --permanent | |
| command: firewall-cmd --add-port={14623/tcp,1829/tcp,1829/udp,2620/tcp,2620/udp} --permanent | |
| command: firewall-cmd --service=ssh --set-source-port=14623/tcp --set-destination-port=111/tcp --permanent | |
| command: firewall-cmd --zone=dmz --set-source-port=111/tcp --set-destination-port=1829/tcp --permanent | |
| command: firewall-cmd --complete-reload |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment