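# For security purposes, reject anything not started by an internal connection;
# only allow traffic via the services/ports listed below.
- name: Set defaults for firewall (bind eth0 to a zone)
  firewalld:
    zone: "{{ item }}"
    interface: eth0
    permanent: true
    state: enabled
  become: true
  # An interface belongs to one zone at a time, so the last entry wins.
  loop:
    - drop
    - dmz

- name: Open ports per zone
  firewalld:
    zone: "{{ item.zone }}"
    port: "{{ item.port }}"
    permanent: true
    state: enabled
  become: true
  loop:
    - { zone: drop, port: 9090/tcp }   # Cockpit
    - { zone: drop, port: 14623/tcp }  # SSH (Internal Joke)
    - { zone: dmz, port: 8080/tcp }    # Jenkins

- name: Allow services per zone
  firewalld:
    zone: "{{ item.zone }}"
    service: "{{ item.service }}"
    permanent: true
    state: enabled
  become: true
  # fail2ban has no stock firewalld service definition; list it here only
  # if a custom fail2ban service is defined on the host.
  loop:
    - { zone: drop, service: ssh }
    - { zone: drop, service: cockpit }
    - { zone: drop, service: mosh }
    - { zone: dmz, service: ssh }
    - { zone: dmz, service: cockpit }

# masquerade together with state: disabled turns masquerading off for the zone.
- name: Keep masquerading off in both zones
  firewalld:
    zone: "{{ item }}"
    masquerade: true
    permanent: true
    state: disabled
  become: true
  loop:
    - drop
    - dmz

# copy does not render Jinja2; use the template module if firewall.j2
# contains template expressions.
- name: Install firewalld.conf
  copy:
    src: /templates/firewall.j2
    dest: /etc/firewalld/firewalld.conf
    owner: root
    group: root
    mode: "0644"
  become: true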