cancel
Showing results for 
Search instead for 
Did you mean: 
hvonderheyde
Mission Specialist
Mission Specialist
  • 3,367 Views

open multiple ports with ansible.posix.firewalld module

Hello learning community,

I am stuck with a small ansible problem.

Does anyone has an idea to nicely open multiple ports in a minimum of playbook tasks ?

I want to open below ports but a loop seems not to be working with the ansible.posix.firewalld module. 

I want to open all the following ports:

port 7/53 for udp and tcp

port 67-69 udp

port 80, 443, 5646, 5671, 8000, 8149, 9090 tcp 

 The following snippet is not working:

- name: configure access to required tcp network ports
    ansible.posix.firewalld:
      port: "{{ item }}/tcp”
      immediate: true
      permanent: true
      state: enabled
    with_items:
      - 7
      - 53
      - 80
      - 443
      - 5646
      - 5671
      - 8000
      - 8140
      - 9090
 
 
0 Kudos
5 Replies
wbialy
Flight Engineer Flight Engineer
Flight Engineer
  • 3,360 Views

I can see that there is an issue with closing " in port line, but that is probably copy paste issue

I tried with loop and this works for me:

 

---
- name: Test
  hosts: ansible1
  become: true
  vars:
     ports:
         - 7
         - 53
         - 80
         - 443
         - 5646
         - 5671
         - 8000
         - 8140
         - 9090
      tasks:
          - name: configure access to required tcp network ports
            ansible.posix.firewalld:
                port: "{{ item }}/tcp"
                immediate: true
                permanent: true
                state: enabled
             loop: "{{ ports }}"

0 Kudos
hvonderheyde
Mission Specialist
Mission Specialist
  • 3,328 Views

Hello wbialy,

so ports as variables in the playbook is working. I should have tried this. Many thanks for your help and reply !

 

regards Hendrik 

0 Kudos
wbialy
Flight Engineer Flight Engineer
Flight Engineer
  • 3,359 Views

also if you want to open range you can add range to the vars list like this: 

     ports:
         - 7
         - 53
         - 80
         - 443
         - '67-69'

 

0 Kudos
Travis
Moderator
Moderator
  • 3,352 Views

@hvonderheyde -

I show this in my courses generally and also demo creating it as a role. 

https://galaxy.ansible.com/ui/standalone/roles/tmichett/manage_firewall/

https://github.com/tmichett/manage_firewall

You can provide list of ports/protocols. Some of the examples above would result in a TCP protocol only. Again, those are examples above you could easily modify.

 

---
- name: Manage Firewall
  hosts: serverc
  vars:
    fw:
      - fw_port: 8080
        fw_proto: tcp
      - fw_port: 9090
        fw_proto: tcp
    fw_svc:
      - fw_svc_name: http
      - fw_svc_name: https
  roles:
    - tmichett.manage_firewall

One other way using items from either the role task example here or the examples above you could modify the list of ports to have the protocol also attached.

 

  vars:
    fw_ports_prots:
      -  8080/tcp
      -  9090/tcp
      - 67/ucp
          - name: configure access to required tcp network ports
            ansible.posix.firewalld:
                port: "{{ item }}"
                immediate: true
                permanent: true
                state: enabled
             loop: "{{ fw_ports_prots }}"

 

 

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
0 Kudos
hvonderheyde
Mission Specialist
Mission Specialist
  • 3,328 Views

This is great. Many thanks Travis for this prompt solution, very much appreciated. Btw. very impressive list of certifications !

 

regards Hendrik 

0 Kudos
Join the discussion
You must log in to join this conversation.