---
# TODO: Ansible 1.9 will eliminate the need for separate firewalld tasks for
# enabling rules and making them permanent with the immediate flag
# Open every port listed in `allow` in the running (runtime) firewalld
# configuration. With permanent: false this change on its own does not survive
# a firewalld reload or a reboot; the "Persist firewalld allow rules" task
# writes the permanent copy.
# NOTE(review): no zone is set, so the firewalld module acts on its default
# zone - confirm that is the zone the exposed interface actually belongs to.
# NOTE(review): item.port presumably carries the port/protocol form the
# firewalld module expects; verify against whatever defines `allow`.
- name: Add firewalld allow rules
  # Skipped entirely when the caller supplies no `allow` list.
  when: allow is defined
  # Old-style bare variable name; later Ansible releases expect a templated
  # expression here instead.
  with_items: allow
  firewalld:
    state: enabled
    permanent: false
    port: '{{ item.port }}'

# Record the same `allow` ports in firewalld's permanent configuration so the
# openings are still present after a reload or reboot. permanent: true does
# not touch the running rule set, which is why the runtime task exists as a
# separate step (see the TODO at the top of this file).
# NOTE(review): as with the runtime task, no zone is given, so the module's
# default zone is used - confirm both tasks target the intended zone.
- name: Persist firewalld allow rules
  # Skipped entirely when the caller supplies no `allow` list.
  when: allow is defined
  with_items: allow
  firewalld:
    state: enabled
    permanent: true
    port: '{{ item.port }}'

# Withdraw the runtime allow entry for every port listed in `deny`.
# state: disabled only removes a previously opened port; it does not add an
# explicit reject/drop rule, so the port is closed only if nothing else in the
# zone (for example a service definition or rich rule) still admits it.
# This task runs after the allow tasks in this file, so a port that appears in
# both `allow` and `deny` ends up removed.
# NOTE(review): no zone is set; the removal applies to the module's default
# zone only - ports opened in another zone are left untouched.
- name: Remove firewalld allow rules
  # Skipped entirely when the caller supplies no `deny` list.
  when: deny is defined
  with_items: deny
  firewalld:
    state: disabled
    permanent: false
    port: '{{ item.port }}'

# Remove the `deny` ports from firewalld's permanent configuration as well.
# Without this step the runtime removal would be undone by the next firewalld
# reload or reboot, because the permanent configuration would still list the
# port as open.
# NOTE(review): no zone is set; only the module's default zone is changed -
# confirm no other zone keeps these ports open.
- name: Persist removal of firewalld allow rules
  # Skipped entirely when the caller supplies no `deny` list.
  when: deny is defined
  with_items: deny
  firewalld:
    state: disabled
    permanent: true
    port: '{{ item.port }}'