From 4064139d0ffca80f2ca597ae980e5e2ffd621af2 Mon Sep 17 00:00:00 2001
From: Phillip Smith <fukawi2@gmail.com>
Date: Fri, 17 Aug 2018 10:11:28 +1000
Subject: [PATCH] disable default dhcpv6-client firewall rule

none of our hosts are configured using dhcpv6 so no need to allow this
default firewall hole to remain in place.
---
 roles/firewalld/tasks/main.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/roles/firewalld/tasks/main.yml b/roles/firewalld/tasks/main.yml
index fc532d775..548a502c6 100644
--- a/roles/firewalld/tasks/main.yml
+++ b/roles/firewalld/tasks/main.yml
@@ -10,3 +10,10 @@
     name: firewalld
     enabled: "{{configure_firewall}}"
     state: "{{configure_firewall | ternary('started', 'stopped') }}"
+
+- name: disable default dhcpv6-client rule
+  firewalld:
+    service: dhcpv6-client
+    state: disabled
+    immediate: yes
+  when: configure_firewall
-- 
GitLab