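- name: Ensure firewalld is enabled and running (firewall-cmd needs the daemon)
  become: true
  ansible.builtin.service:
    name: firewalld
    enabled: true
    state: started

- name: Set defaults for firewall  # (For security purposes, reject anything not started by an internal connection, only allow via service/port)
  become: true
  ansible.builtin.command: "firewall-cmd {{ item }}"
  loop:
    - "--set-default-zone=drop"  # already a runtime and permanent change, so no --permanent
    - "--permanent --add-interface=eth0"  # one interface per call
    - "--permanent --add-interface=lo"
    - "--permanent --add-interface=docker0"
    - "--permanent --add-service=ssh --add-service=cockpit --add-service=mosh --add-service=git --add-service=jenkins --add-service=kerberos --add-service=ldaps --add-service=squid --add-service=rsyncd"  # option is --add-service; brace lists expanded by hand because the command module runs no shell
    - "--permanent --add-port=14623/tcp --add-port=1829/tcp --add-port=1829/udp --add-port=2620/tcp --add-port=2620/udp"
    - "--permanent --service=ssh --add-source-port=14623/tcp"  # firewall-cmd has no --set-source-port; --add-source-port is the closest valid option (assumed intent)
    - "--permanent --service=ssh --add-port=111/tcp"  # no --set-destination-port either; a service's --add-port is its destination port
    - "--permanent --zone=dmz --add-source-port=111/tcp"  # same substitution for the dmz zone
    - "--permanent --zone=dmz --add-port=1829/tcp"
    - "--complete-reload"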