Arch Linux
infrastructure
Commits
efcc7619
Commit
efcc7619
authored
Aug 14, 2018
by
Phillip Smith (fukawi2)
make all firewalld changes take effect immediately
parent
153ad794
Changes
12
playbooks/apollo.yml
...
...
@@ -49,4 +49,4 @@
-
{
role
:
archwiki
,
tags
:
[
"
archwiki"
]
}
tasks
:
-
name
:
open firewall hole for hefurd
firewalld
:
port=6969/tcp permanent=true state=enabled
firewalld
:
port=6969/tcp permanent=true state=enabled
immediate=yes
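Review bot: The new argument is spelled `immediate=yes` next to `permanent=true` in the same key=value string, so one task mixes two boolean spellings; `immediate=true` would match, and the same applies to the firewalld lines changed in the other eleven files of this commit. Ansible's native mapping form (`port`, `permanent`, `immediate` and `state` as keys under `firewalld:`) would also let a YAML linter check these values, which it cannot do inside a free-form string. Unlike most of the other roles, no `when: configure_firewall` is visible on this task, but the hunk ends at the changed line, so it may follow outside the view.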
roles/dbscripts/tasks/main.yml
...
...
@@ -225,7 +225,7 @@
service
:
name=rsyncd.socket enabled=yes state=started
-
name
:
open firewall holes for rsync
firewalld
:
service=rsyncd permanent=true state=enabled
firewalld
:
service=rsyncd permanent=true state=enabled
immediate=yes
when
:
configure_firewall
-
name
:
configure svnserve
...
...
@@ -235,7 +235,7 @@
service
:
name=svnserve enabled=yes state=started
-
name
:
open firewall holes for svnserve
firewalld
:
port=3690/tcp permanent=true state=enabled
firewalld
:
port=3690/tcp permanent=true state=enabled
immediate=yes
when
:
configure_firewall
-
name
:
install systemd timers
...
...
roles/dovecot/tasks/main.yml
...
...
@@ -18,7 +18,7 @@
service
:
name=dovecot enabled=yes state=started
-
name
:
open firewall holes
firewalld
:
service={{item}} permanent=true state=enabled
firewalld
:
service={{item}} permanent=true state=enabled
immediate=yes
with_items
:
-
pop3
-
pop3s
...
...
roles/mariadb/tasks/main.yml
...
...
@@ -48,6 +48,6 @@
# the source addresses here could be tightened up more, but it's far better
# than having mariadb open to the world
-
name
:
open firewall holes to other infrastructure hosts
firewalld
:
service=mysql permanent=true state="{{'disabled' if mariadb_skip_networking else 'enabled'}}" source={{item}}
firewalld
:
service=mysql permanent=true state="{{'disabled' if mariadb_skip_networking else 'enabled'}}" source={{item}}
immediate=yes
with_items
:
"
{{
groups['all']
}}"
when
:
configure_firewall
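Review bot: `service=mysql` and `source={{item}}` in one firewalld call are, as far as I can tell from the module's documentation, two separate zone settings rather than a source-restricted rule: the service is enabled for the whole zone and each item is bound to that zone as a source, so the comment above the task may not describe what is actually enforced, and `immediate=yes` now applies it to the running firewall at once. `groups['all']` also yields inventory names, while a firewalld source is an address, network, MAC or ipset, so it is worth confirming what these items resolve to. If the intent is per-host access, a rich rule states it directly, e.g. `rich_rule='rule family="ipv4" source address="{{item}}" service name="mysql" accept'` with addresses as items, or a dedicated zone that holds both the sources and the service. The same service-plus-source pattern appears in roles/postgres/tasks/main.yml.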
roles/nginx/tasks/main.yml
...
...
@@ -67,7 +67,7 @@
service
:
name=nginx enabled=yes
-
name
:
open firewall holes
firewalld
:
service={{item}} permanent=true state=enabled
firewalld
:
service={{item}} permanent=true state=enabled
immediate=yes
with_items
:
-
http
-
https
...
...
roles/oidentd/tasks/main.yml
...
...
@@ -12,5 +12,5 @@
-
oidentd.socket
-
name
:
open firewall holes
firewalld
:
port=113/tcp permanent=true state=enabled
firewalld
:
port=113/tcp permanent=true state=enabled
immediate=yes
when
:
configure_firewall
roles/postfix/tasks/main.yml
...
...
@@ -86,7 +86,7 @@
-
compat_maps.db
-
name
:
open firewall holes
firewalld
:
service={{item}} permanent=true state=enabled
firewalld
:
service={{item}} permanent=true state=enabled
immediate=yes
with_items
:
-
smtp
-
smtp-submission
...
...
roles/postgres/tasks/main.yml
...
...
@@ -51,6 +51,6 @@
when
:
postgres_ssl == 'on'
-
name
:
open firewall holes to known postgresql clients
firewalld
:
service=postgresql permanent=true state=enabled source={{item}}
firewalld
:
service=postgresql permanent=true state=enabled source={{item}}
immediate=yes
with_items
:
"
{{
postgres_ssl_hosts
}}"
when
:
configure_firewall
roles/quassel/tasks/main.yml
...
...
@@ -63,5 +63,5 @@
-
clean-quassel.timer
-
name
:
open firewall holes
firewalld
:
port=4242/tcp permanent=true state=enabled
firewalld
:
port=4242/tcp permanent=true state=enabled
immediate=yes
when
:
configure_firewall
roles/sshd/tasks/main.yml
...
...
@@ -18,5 +18,5 @@
service
:
name=sshd enabled=yes state=started
-
name
:
open firewall holes
firewalld
:
service=ssh permanent=true state=enabled
firewalld
:
service=ssh permanent=true state=enabled
immediate=yes
when
:
configure_firewall
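Review bot: With `immediate=yes` added, this task changes the runtime rule set and therefore needs a running firewalld on the target; as far as I know the module refuses immediate actions when the daemon is stopped, whereas `permanent=true` alone could still write the configuration. Nothing in this hunk shows firewalld being started before the rule is applied, so on a host where it is stopped the play could now fail at this task; that ordering is outside the hunk and worth confirming. The same applies to every firewalld task touched by this commit. A comment above the task such as `# requires firewalld to be running (immediate=yes)` would record the dependency.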
roles/syncrepo/tasks/main.yml
...
...
@@ -45,5 +45,5 @@
tags
:
[
'
nginx'
]
-
name
:
open firewall holes
firewalld
:
service=rsyncd permanent=true state=enabled
firewalld
:
service=rsyncd permanent=true state=enabled
immediate=yes
when
:
configure_firewall
roles/zabbix-agent/tasks/main.yml
...
...
@@ -63,5 +63,5 @@
service
:
name=zabbix-agent enabled=yes state=started
-
name
:
open firewall holes
firewalld
:
service=zabbix-agent permanent=true state=enabled
firewalld
:
service=zabbix-agent permanent=true state=enabled
immediate=yes
when
:
configure_firewall