Directly manage the firewalld rules on RH derived distributions.

2020-05-04 19:25:48 +02:00 · 2020-05-04 19:25:48 +02:00 · 045b1eeafa
parent 99f67c7a12
commit 045b1eeafa
2 changed files with 13 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -12,3 +12,6 @@ squid_safe_ports:

 squid_max_object_size: '10 MB'
 squid_disk_cache: '2048 16 256'
+
+squid_firewalld_services:
+  - { service: 'squid', state: 'enabled', zone: '{{ firewalld_default_zone }}' }
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -17,4 +17,13 @@
    service: name=squid state=started enabled=yes

  when: squid_install | bool
-  tags: [ 'squid', 'proxy' ]
+  tags: [ 'squid', 'proxy' ]
+
+- name: Manage the squid firewalld rules
+  block:
+    - name: Manage the squid related firewall service
+      firewalld: service={{ item.service }} zone={{ item.zone }} permanent={{ item.permanent | default(True) }} state={{ item.state }} immediate=True
+      with_items: '{{ squid_firewalld_services }}'
+
+  when: ansible_distribution_file_variety == "RedHat"
+  tags: [ 'squid', 'proxy', 'firewall', 'firewalld', 'iptables', 'iptables_rules' ]