Commit d1092308 authored by Phillip Smith (fukawi2)'s avatar Phillip Smith (fukawi2)

make all firewalld changes take effect immediately

parent bfda50bd
......@@ -49,4 +49,4 @@
- { role: archwiki, tags: ["archwiki"] }
tasks:
- name: open firewall hole for hefurd
firewalld: port=6969/tcp permanent=true state=enabled
firewalld: port=6969/tcp permanent=true state=enabled immediate=yes
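Review bot: The hefurd task has no `when: configure_firewall` guard, unlike most of the other firewalld tasks this commit touches, so with `immediate=yes` port 6969/tcp is opened in the running firewall even on hosts where that variable is meant to switch firewall management off. The hunk appears to stop at the end of the file, so the guard looks absent rather than cut off by the view. If that is right, add `when: configure_firewall` under the task. If the omission is deliberate, a one-line comment above the task saying so would help.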
......@@ -225,7 +225,7 @@
service: name=rsyncd.socket enabled=yes state=started
- name: open firewall holes for rsync
firewalld: service=rsyncd permanent=true state=enabled
firewalld: service=rsyncd permanent=true state=enabled immediate=yes
when: configure_firewall
- name: configure svnserve
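Review bot: The new argument is spelled `immediate=yes` on a line that already uses `permanent=true`, so every firewalld task now mixes two boolean spellings; `immediate=true` would match. This applies to all hunks in the commit. Since each of these lines is being touched anyway, the native mapping form is easier to review than the key=value string, for example `firewalld: {service: rsyncd, permanent: true, immediate: true, state: enabled}` or its block equivalent.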
......@@ -235,7 +235,7 @@
service: name=svnserve enabled=yes state=started
- name: open firewall holes for svnserve
firewalld: port=3690/tcp permanent=true state=enabled
firewalld: port=3690/tcp permanent=true state=enabled immediate=yes
when: configure_firewall
- name: install systemd timers
......
......@@ -18,7 +18,7 @@
service: name=dovecot enabled=yes state=started
- name: open firewall holes
firewalld: service={{item}} permanent=true state=enabled
firewalld: service={{item}} permanent=true state=enabled immediate=yes
with_items:
- pop3
- pop3s
......
......@@ -48,6 +48,6 @@
# the source addresses here could be tightened up more, but it's far better
# than having mariadb open to the world
- name: open firewall holes to other infrastructure hosts
firewalld: service=mysql permanent=true state="{{'disabled' if mariadb_skip_networking else 'enabled'}}" source={{item}}
firewalld: service=mysql permanent=true state="{{'disabled' if mariadb_skip_networking else 'enabled'}}" source={{item}} immediate=yes
with_items: "{{ groups['all'] }}"
when: configure_firewall
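Review bot: Passing `service=mysql` together with `source={{item}}` in one firewalld call probably does not restrict the service to those sources: as far as I know the module applies them as two separate changes to the zone (enable the service, bind the source), and newer versions of the module refuse the combination. If so, the service is enabled for everything that lands in that zone, which contradicts the comment above the task, and `immediate=yes` now makes that live at once instead of at the next reload. A `rich_rule` per source, or a dedicated `zone` holding both the sources and the service, would express the intent; the postgresql task in a later hunk has the same shape. `groups['all']` also yields inventory names, so it is worth confirming that these are values firewalld accepts as a source.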
......@@ -67,7 +67,7 @@
service: name=nginx enabled=yes
- name: open firewall holes
firewalld: service={{item}} permanent=true state=enabled
firewalld: service={{item}} permanent=true state=enabled immediate=yes
with_items:
- http
- https
......
......@@ -12,5 +12,5 @@
- oidentd.socket
- name: open firewall holes
firewalld: port=113/tcp permanent=true state=enabled
firewalld: port=113/tcp permanent=true state=enabled immediate=yes
when: configure_firewall
......@@ -86,7 +86,7 @@
- compat_maps.db
- name: open firewall holes
firewalld: service={{item}} permanent=true state=enabled
firewalld: service={{item}} permanent=true state=enabled immediate=yes
with_items:
- smtp
- smtp-submission
......
......@@ -51,6 +51,6 @@
when: postgres_ssl == 'on'
- name: open firewall holes to known postgresql clients
firewalld: service=postgresql permanent=true state=enabled source={{item}}
firewalld: service=postgresql permanent=true state=enabled source={{item}} immediate=yes
with_items: "{{ postgres_ssl_hosts }}"
when: configure_firewall
......@@ -63,5 +63,5 @@
- clean-quassel.timer
- name: open firewall holes
firewalld: port=4242/tcp permanent=true state=enabled
firewalld: port=4242/tcp permanent=true state=enabled immediate=yes
when: configure_firewall
......@@ -18,5 +18,5 @@
service: name=sshd enabled=yes state=started
- name: open firewall holes
firewalld: service=ssh permanent=true state=enabled
firewalld: service=ssh permanent=true state=enabled immediate=yes
when: configure_firewall
......@@ -45,5 +45,5 @@
tags: ['nginx']
- name: open firewall holes
firewalld: service=rsyncd permanent=true state=enabled
firewalld: service=rsyncd permanent=true state=enabled immediate=yes
when: configure_firewall
......@@ -63,5 +63,5 @@
service: name=zabbix-agent enabled=yes state=started
- name: open firewall holes
firewalld: service=zabbix-agent permanent=true state=enabled
firewalld: service=zabbix-agent permanent=true state=enabled immediate=yes
when: configure_firewall
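Review bot: The zabbix-agent service is enabled with no `source` or `zone`, so the agent port is opened to whatever reaches the default zone, and with `immediate=yes` that takes effect during the play. The agent normally only needs to be reachable from the Zabbix server, so limiting the rule to that address (a rich rule or a dedicated zone, with the server address taken from a variable) would be tighter. Whether the agent's own configuration already restricts which servers may connect is not visible from this hunk.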