- name: Set default firewalld zone to home ansible.builtin.command: cmd: firewall-cmd --set-default-zone=home become: true - name: Change interface to home zone ansible.builtin.command: cmd: firewall-cmd --zone=home --change-interface={{ network_interface }} become: true - name: Add allowed services to home zone ansible.builtin.firewalld: service: "{{ item }}" zone: home permanent: yes state: enabled loop: "{{ allowed_services }}" become: true - name: Enable logging for denied packets ansible.builtin.command: cmd: firewall-cmd --set-log-denied=all become: true - name: Reload firewalld ansible.builtin.systemd: name: firewalld state: reloaded become: true