@linux-modder
Last active May 13, 2018 23:48
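# For security purposes, reject anything not started by an internal connection;
# only allow traffic via the services/ports listed below.
- name: Bind eth0 to the drop zone
  become: true
  firewalld:
    zone: drop
    # An interface belongs to exactly one zone, so eth0 is bound to drop only.
    interface: eth0
    permanent: true
    state: enabled

- name: Open ports per zone
  become: true
  firewalld:
    zone: "{{ item.zone }}"
    port: "{{ item.port }}"
    permanent: true
    state: enabled
  loop:
    - { zone: drop, port: 9090/tcp }   # Cockpit
    - { zone: drop, port: 14623/tcp }  # SSH (Internal Joke)
    - { zone: dmz, port: 8080/tcp }    # Jenkins

- name: Allow services per zone
  become: true
  firewalld:
    zone: "{{ item.zone }}"
    service: "{{ item.service }}"
    permanent: true
    state: enabled
  loop:
    - { zone: drop, service: fail2ban }  # must exist as a firewalld service definition on the host
    - { zone: drop, service: ssh }
    - { zone: drop, service: cockpit }
    - { zone: drop, service: mosh }
    - { zone: dmz, service: ssh }
    - { zone: dmz, service: cockpit }

- name: Keep masquerading off in both zones
  become: true
  firewalld:
    zone: "{{ item }}"
    masquerade: true  # combined with state: disabled, this turns masquerading off
    permanent: true
    state: disabled
  loop:
    - drop
    - dmz

- name: Deploy firewalld.conf from the template
  become: true
  template:  # template (not copy) so the .j2 file is rendered before it is written
    src: /templates/firewall.j2
    dest: /etc/firewalld/firewalld.conf
    owner: root
    group: root
    mode: "0644"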