adding fedora stuff
This commit is contained in:
Executable
+29
@@ -0,0 +1,29 @@
|
||||
- name: Set default firewalld zone to home
|
||||
ansible.builtin.command:
|
||||
cmd: firewall-cmd --set-default-zone=home
|
||||
become: true
|
||||
|
||||
- name: Change interface to home zone
|
||||
ansible.builtin.command:
|
||||
cmd: firewall-cmd --zone=home --change-interface={{ network_interface }}
|
||||
become: true
|
||||
|
||||
- name: Add allowed services to home zone
|
||||
ansible.builtin.firewalld:
|
||||
service: "{{ item }}"
|
||||
zone: home
|
||||
permanent: yes
|
||||
state: enabled
|
||||
loop: "{{ allowed_services }}"
|
||||
become: true
|
||||
|
||||
- name: Enable logging for denied packets
|
||||
ansible.builtin.command:
|
||||
cmd: firewall-cmd --set-log-denied=all
|
||||
become: true
|
||||
|
||||
- name: Reload firewalld
|
||||
ansible.builtin.systemd:
|
||||
name: firewalld
|
||||
state: reloaded
|
||||
become: true
|
||||
Executable
+6
@@ -0,0 +1,6 @@
|
||||
---
|
||||
network_interface: wlp0s20f3
|
||||
allowed_services:
|
||||
- ssh
|
||||
- dhcpv6-client
|
||||
- mdns
|
||||
Reference in New Issue
Block a user