background

A firewall By organically combining all kinds of software and hardware equipment for safety management and screening , Help the computer network in it 、 Build a relatively isolated protective barrier between the external networks , A technology to protect user data and information security .
As far as computers are concerned, firewalls are divided into hardware and software , This article starts from the firewall of software , Introduce the firewall technology of the operating system .
Firewall setting is one of the common operations in the process of program deployment . This article ansible Introduction to the carrier , Traditional firewall settings reference 《centos7 Firewall settings 》

demand

Switch the firewall for the assigned server 、 Port policy and service settings .

operation

ansible Operation firewall involves three parts in this chapter

• Switch of firewall
• Firewall port policy
• Firewall service policy

Switch of firewall

The switch of firewall uses ansible Medium service service

open

#  Turn on firewalld service 
- hosts: middleware
  #  Remote task execution user 
  remote_user: root
  #  Task list 
  tasks:
    #  Get service information in the system 
    - name: checking service
      ansible.builtin.service_facts:  
    #  Statement 
    - name:  Turn on firewalld A firewall 
      service:
        name: firewalld
        state: started
        enabled: yes
      when: ansible_facts.services['firewalld.service'] is defined

If you need to turn off the firewall state The status is set to stopped

verification

$ ansible middleware -a 'systemctl status firewalld' -i hosts

Firewall port policy

open

#  Set up firewalld Port policy 
- hosts: middleware
  #  Remote task execution user 
  remote_user: root
  #  Task list 
  tasks:  
    #  Statement 
    - name:  Set up firewalld Port policy 
      firewalld:
        port: 8848/tcp
        state: enabled
        permanent: yes
        immediate: yes

verification

$ ansible middleware -m shell -a 'firewall-cmd --lists-ports' -i hosts

Firewall service policy

open

#  Set up firewalld Service strategy 
- hosts: middleware
  #  Remote task execution user 
  remote_user: root
  #  Task list 
  tasks:  
    #  Statement 
    - name:  Set up firewalld Service strategy 
      firewalld:
        service: http
        state: enabled
        permanent: yes
        immediate: yes

verification

$ ansible middleware -m shell -a 'firewall-cmd --lists-services' -i hosts