I have the following code, which works fine with Ansible. However, I've
noticed that when I restart my firewall service, my settings appear not to
persist. Any idea why? *Ansible 2.7*

*Before service restart (with Ansible configs applied). This is what I
expect to see:*

[root@driv-vch4-ha01 dhill]# firewall-cmd --get-active-zones
drop
  interfaces: ens224
public
  interfaces: ens192
[root@driv-vch4-ha01 dhill]# systemctl restart firewalld
[root@driv-vch4-ha01 dhill]# firewall-cmd --get-active-zones
public
  interfaces: ens192 ens224

- name: Enable firewall service + start
  service:
    name: firewalld
    state: started
    enabled: yes

- name: Put Customer interface into DROP zone
  firewalld:
    interface: "{{ vrrp_interface }}"
    zone: drop
    permanent: yes
    immediate: yes
    state: enabled

- name: Allow http
  firewalld:
    service: http
    zone: drop
    permanent: yes
    immediate: yes
    state: enabled

- name: Allow https
  firewalld:
    service: https
    zone: drop
    permanent: yes
    immediate: yes
    state: enabled

- name: Allow https
  firewalld:
    service: https
    zone: drop
    permanent: yes
    immediate: yes
    state: enabled

- name: Allow pings
  firewalld:
    rich_rule: rule family="ipv4" protocol value="icmp" accept
    zone: drop
    permanent: yes
    immediate: yes
    state: enabled

- name: Open up Traefik dashboard on public zone.
  firewalld:
    port: 8080/tcp
    permanent: yes
    zone: public
    state: enabled
    immediate: yes
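
A restart-persistence check for the symptom described above, as an added example that is not part of the original post: it parses `firewall-cmd --get-active-zones` output captured before and after `systemctl restart firewalld` and reports every interface whose zone changed. The function names `zone_map` and `zone_drift` are hypothetical, and the sample text is constructed from the output shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): detect zone drift across a
# firewalld restart by comparing two captures of --get-active-zones.

# zone_map: read `firewall-cmd --get-active-zones` output on stdin and print
# one "interface zone" pair per line, sorted by interface name.
zone_map() {
    awk '
        NF == 0 { next }
        {
            c = substr($0, 1, 1)
            if (c != " " && c != "\t") { zone = $1; next }   # unindented = zone name
        }
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) print $i, zone }
    ' | sort
}

# zone_drift BEFORE AFTER: both arguments are captured command output.
# Prints "iface: old -> new" for each interface whose zone differs and
# returns 1 when any drift is found, 0 otherwise.
zone_drift() {
    before=$(printf '%s\n' "$1" | zone_map)
    after=$(printf '%s\n' "$2" | zone_map)
    drift=$(printf '%s\n---\n%s\n' "$before" "$after" | awk '
        $0 == "---" { second = 1; next }
        NF < 2      { next }
        !second     { old[$1] = $2; next }
        ($1 in old) && old[$1] != $2 { print $1 ": " old[$1] " -> " $2 }
        !($1 in old) { print $1 ": (none) -> " $2 }
    ')
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Constructed sample input, copied from the two captures shown in the post.
BEFORE='drop
  interfaces: ens224
public
  interfaces: ens192'
AFTER='public
  interfaces: ens192 ens224'

zone_drift "$BEFORE" "$AFTER" || echo "zone assignment did not survive the restart"
```

On a live host, pass the real captures instead of the samples: store the output of `firewall-cmd --get-active-zones` in a variable before the restart and again after it, then call `zone_drift` with the two values.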




