RFE: Allow passing a list to the service and source parameters of firewalld

[opoplawski]

SUMMARY

A zone can have many services and sources associated with it. Allow passing a list to the source parameter of firewalld like you can with yum/dnf.

ISSUE TYPE

• Feature Idea

COMPONENT NAME

firewalld

ADDITIONAL INFORMATION

  - name: "Define internal zone"
    firewalld:
      service:
         - http
         - https
      source: 
        - 192.168.0.0/16
        - 10.0.0.0/8
      zone: internal
      immediate: yes
      permanent: yes
      state: enabled

[DonEstefan]

Other parameters would also benefit from list input. Like interface, port, rich_rule or even zone

[elico]

@opoplawski +1 however I am using this to overcome this issue:

  - name: permit traffic in default zone for imap service
    firewalld:
      service: "{{ item }}"
      permanent: yes
      state: enabled
    with_items:
      - "imap"
      - "imaps"

Another example could be with pairs:

  - name: "populating /etc/dovect/dovecot-sql.conf.ext with variabes"
    replace:
      path: /etc/dovecot/dovecot-sql.conf.ext
      regexp: "{{ item.regexp }}"
      replace: "{{ item.replace }}"
    with_items:
             -  { regexp:  '###DB_HOST###' , replace: "{{ db_host }}" }
             -  { regexp:  "###DB_USERNAME###" , replace: "{{ db_username }}" }
             -  { regexp:  '###DB_PASSWORD###' , replace: "{{ db_password }}" }
             -  { regexp:  "###DB_NAME##" , replace: "{{ db_name }}" }

[MaPePeR]

:+1: I support this suggestion and would like to add something on top: An additional option to also remove any sources and services that are not present in the list, so no additional state: disabled tasks are needed to remove sources or services from zones. (Comparable to ansible.posix.authorized_keys's exclusive-Parameter).