--- - name: Set default firewalld zone to home command: cmd: firewall-cmd --set-default-zone=home become: true - name: Change interface to home zone command: cmd: firewall-cmd --zone=home --change-interface={{ network_interface }} become: true - name: Add allowed services to home zone firewalld: service: "{{ item }}" zone: home permanent: yes state: enabled loop: "{{ allowed_services }}" become: true - name: Enable logging for denied packets command: cmd: firewall-cmd --set-log-denied=all become: true - name: Reload firewalld systemd: name: firewalld state: reloaded become: true - name: Ensure SELinux is enabled and in enforcing mode selinux: policy: targeted state: enforcing - name: Set SELinux to enforcing in config file replace: path: /etc/selinux/config regexp: '^SELINUX=.*' replace: 'SELINUX=enforcing' - name: Install dnf-automatic for automatic security updates package: name: dnf-automatic state: present - name: Configure dnf-automatic template: src: dnf-automatic.conf.j2 dest: /etc/dnf/automatic.conf owner: root group: root mode: '0644' - name: Enable and start dnf-automatic timer systemd: name: dnf-automatic.timer enabled: true state: started