Commit 1258e6b7 authored by Phillip Smith (fukawi2)'s avatar Phillip Smith (fukawi2)

make all firewalld changes take effect immediately

parent 153ad794
...@@ -49,4 +49,4 @@ ...@@ -49,4 +49,4 @@
- { role: archwiki, tags: ["archwiki"] } - { role: archwiki, tags: ["archwiki"] }
tasks: tasks:
- name: open firewall hole for hefurd - name: open firewall hole for hefurd
firewalld: port=6969/tcp permanent=true state=enabled firewalld: port=6969/tcp permanent=true state=enabled immediate=yes
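Review bot: The hefurd task is the only firewalld task in this commit that is visibly not guarded by `when: configure_firewall`, and with `immediate=yes` it now changes the running firewall as soon as the play runs. The hunk shows no lines after the firewalld line, so the guard appears to be absent rather than cut off, but that should be confirmed against the full file. If hosts with `configure_firewall` set to false are meant to be left alone, add `when: configure_firewall` under this task as well. It would also help to put a comment above the task saying which service listens on 6969/tcp and why it must be reachable.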
...@@ -225,7 +225,7 @@ ...@@ -225,7 +225,7 @@
service: name=rsyncd.socket enabled=yes state=started service: name=rsyncd.socket enabled=yes state=started
- name: open firewall holes for rsync - name: open firewall holes for rsync
firewalld: service=rsyncd permanent=true state=enabled firewalld: service=rsyncd permanent=true state=enabled immediate=yes
when: configure_firewall when: configure_firewall
- name: configure svnserve - name: configure svnserve
...@@ -235,7 +235,7 @@ ...@@ -235,7 +235,7 @@
service: name=svnserve enabled=yes state=started service: name=svnserve enabled=yes state=started
- name: open firewall holes for svnserve - name: open firewall holes for svnserve
firewalld: port=3690/tcp permanent=true state=enabled firewalld: port=3690/tcp permanent=true state=enabled immediate=yes
when: configure_firewall when: configure_firewall
- name: install systemd timers - name: install systemd timers
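Review bot: The added `immediate=yes` uses a different boolean spelling from the `permanent=true` right next to it, in the rsync and svnserve tasks here and in every other hunk of this commit. Writing `immediate=true` keeps the two flags consistent and avoids the YAML 1.1 truthy forms. Since every firewalld line is being touched anyway, this would also be a good moment to move from the `key=value` string to a native mapping (`port:`, `permanent:`, `immediate:`, `state:`), which diffs and lints more cleanly. The task list starts and ends outside these hunks.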
......
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
service: name=dovecot enabled=yes state=started service: name=dovecot enabled=yes state=started
- name: open firewall holes - name: open firewall holes
firewalld: service={{item}} permanent=true state=enabled firewalld: service={{item}} permanent=true state=enabled immediate=yes
with_items: with_items:
- pop3 - pop3
- pop3s - pop3s
......
...@@ -48,6 +48,6 @@ ...@@ -48,6 +48,6 @@
# the source addresses here could be tightened up more, but it's far better # the source addresses here could be tightened up more, but it's far better
# than having mariadb open to the world # than having mariadb open to the world
- name: open firewall holes to other infrastructure hosts - name: open firewall holes to other infrastructure hosts
firewalld: service=mysql permanent=true state="{{'disabled' if mariadb_skip_networking else 'enabled'}}" source={{item}} firewalld: service=mysql permanent=true state="{{'disabled' if mariadb_skip_networking else 'enabled'}}" source={{item}} immediate=yes
with_items: "{{ groups['all'] }}" with_items: "{{ groups['all'] }}"
when: configure_firewall when: configure_firewall
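Review bot: Passing `service=mysql` and `source={{item}}` in one firewalld task probably does not restrict the service to those sources, and with `immediate=yes` whatever it does now applies to the running firewall at once. As far as I know the module treats `service` and `source` as separate zone-level settings (newer versions reject the combination), and with no `zone=` given both land in the default zone, so MariaDB may be reachable from more than the inventory hosts. If the goal in the comment above is per-host access, a rich rule states it directly, e.g. `rich_rule='rule family="ipv4" source address="{{item}}" service name="mysql" accept'`, or bind the sources and the service to a dedicated zone. This needs `item` to be an address, which `groups['all']` may not provide. The same pattern appears in the postgresql hunk with `postgres_ssl_hosts`.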
...@@ -67,7 +67,7 @@ ...@@ -67,7 +67,7 @@
service: name=nginx enabled=yes service: name=nginx enabled=yes
- name: open firewall holes - name: open firewall holes
firewalld: service={{item}} permanent=true state=enabled firewalld: service={{item}} permanent=true state=enabled immediate=yes
with_items: with_items:
- http - http
- https - https
......
...@@ -12,5 +12,5 @@ ...@@ -12,5 +12,5 @@
- oidentd.socket - oidentd.socket
- name: open firewall holes - name: open firewall holes
firewalld: port=113/tcp permanent=true state=enabled firewalld: port=113/tcp permanent=true state=enabled immediate=yes
when: configure_firewall when: configure_firewall
...@@ -86,7 +86,7 @@ ...@@ -86,7 +86,7 @@
- compat_maps.db - compat_maps.db
- name: open firewall holes - name: open firewall holes
firewalld: service={{item}} permanent=true state=enabled firewalld: service={{item}} permanent=true state=enabled immediate=yes
with_items: with_items:
- smtp - smtp
- smtp-submission - smtp-submission
......
...@@ -51,6 +51,6 @@ ...@@ -51,6 +51,6 @@
when: postgres_ssl == 'on' when: postgres_ssl == 'on'
- name: open firewall holes to known postgresql clients - name: open firewall holes to known postgresql clients
firewalld: service=postgresql permanent=true state=enabled source={{item}} firewalld: service=postgresql permanent=true state=enabled source={{item}} immediate=yes
with_items: "{{ postgres_ssl_hosts }}" with_items: "{{ postgres_ssl_hosts }}"
when: configure_firewall when: configure_firewall
...@@ -63,5 +63,5 @@ ...@@ -63,5 +63,5 @@
- clean-quassel.timer - clean-quassel.timer
- name: open firewall holes - name: open firewall holes
firewalld: port=4242/tcp permanent=true state=enabled firewalld: port=4242/tcp permanent=true state=enabled immediate=yes
when: configure_firewall when: configure_firewall
...@@ -18,5 +18,5 @@ ...@@ -18,5 +18,5 @@
service: name=sshd enabled=yes state=started service: name=sshd enabled=yes state=started
- name: open firewall holes - name: open firewall holes
firewalld: service=ssh permanent=true state=enabled firewalld: service=ssh permanent=true state=enabled immediate=yes
when: configure_firewall when: configure_firewall
...@@ -45,5 +45,5 @@ ...@@ -45,5 +45,5 @@
tags: ['nginx'] tags: ['nginx']
- name: open firewall holes - name: open firewall holes
firewalld: service=rsyncd permanent=true state=enabled firewalld: service=rsyncd permanent=true state=enabled immediate=yes
when: configure_firewall when: configure_firewall
...@@ -63,5 +63,5 @@ ...@@ -63,5 +63,5 @@
service: name=zabbix-agent enabled=yes state=started service: name=zabbix-agent enabled=yes state=started
- name: open firewall holes - name: open firewall holes
firewalld: service=zabbix-agent permanent=true state=enabled firewalld: service=zabbix-agent permanent=true state=enabled immediate=yes
when: configure_firewall when: configure_firewall