ansible.posix
RFE: Allow passing a list to the service and source parameters of firewalld
SUMMARY
A zone can have many services and sources associated with it. Allow passing a list to the source parameter of firewalld like you can with yum/dnf.
ISSUE TYPE
- Feature Idea
COMPONENT NAME
firewalld
ADDITIONAL INFORMATION
```yaml
- name: "Define internal zone"
  firewalld:
    service:
      - http
      - https
    source:
      - 192.168.0.0/16
      - 10.0.0.0/8
    zone: internal
    immediate: yes
    permanent: yes
    state: enabled
```
Other parameters would also benefit from list input, like interface, port, rich_rule or even zone.
@opoplawski +1 however I am using this to overcome this issue:
```yaml
- name: permit traffic in default zone for imap service
  firewalld:
    service: "{{ item }}"
    permanent: yes
    state: enabled
  with_items:
    - "imap"
    - "imaps"
```
Another example could be with pairs:
```yaml
- name: "populating /etc/dovecot/dovecot-sql.conf.ext with variables"
  replace:
    path: /etc/dovecot/dovecot-sql.conf.ext
    regexp: "{{ item.regexp }}"
    replace: "{{ item.replace }}"
  with_items:
    - { regexp: '###DB_HOST###', replace: "{{ db_host }}" }
    - { regexp: "###DB_USERNAME###", replace: "{{ db_username }}" }
    - { regexp: '###DB_PASSWORD###', replace: "{{ db_password }}" }
    - { regexp: "###DB_NAME##", replace: "{{ db_name }}" }
```
:+1: I support this suggestion and would like to add something on top:
An additional option to also remove any sources and services that are not present in the list, so no additional state: disabled tasks are needed to remove sources or services from zones. (Comparable to ansible.posix.authorized_keys's exclusive parameter.)
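The list input and the "remove what is not listed" option proposed in this thread amount to reconciling a zone against a desired set. The sketch below is an added example, not code from ansible.posix or firewalld: `plan_zone`, `_key` and the `exclusive` flag are hypothetical names, and the zone contents in the demo are constructed.

```python
import ipaddress


def _key(entry):
    """Comparison key: canonical network for IP/CIDR input, raw text otherwise.

    Service names, MAC addresses and ipset:NAME sources are not IP networks,
    so they fall through and are compared as written.
    """
    text = entry.strip()
    try:
        return str(ipaddress.ip_network(text))
    except ValueError:
        return text


def plan_zone(current, desired, exclusive=False):
    """Return (to_add, to_remove, changed) for one kind of zone entry.

    current   -- entries the zone holds now (constructed in the demo below)
    desired   -- the list given in the task
    exclusive -- hypothetical flag: also remove entries missing from desired
    """
    cur = {_key(c): c for c in current}
    want = {_key(d): d for d in desired}
    to_add = [want[k] for k in want if k not in cur]
    # Removals are reported in the spelling the zone currently uses.
    to_remove = [cur[k] for k in cur if k not in want] if exclusive else []
    return to_add, to_remove, bool(to_add or to_remove)


if __name__ == "__main__":
    # Constructed zone state: the same /8 written with a dotted netmask,
    # plus a stale source and a service the task does not mention.
    zone_sources = ["10.0.0.0/255.0.0.0", "172.16.0.0/12"]
    zone_services = ["ssh", "http"]

    print(plan_zone(zone_sources, ["192.168.0.0/16", "10.0.0.0/8"]))
    print(plan_zone(zone_sources, ["192.168.0.0/16", "10.0.0.0/8"], exclusive=True))
    # With exclusive=True, ssh is planned for removal because it is not listed.
    print(plan_zone(zone_services, ["http", "https"], exclusive=True))
```

In the last call the plan removes `ssh`, so a list used with such an option has to name every service the zone should keep, management access included.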