hvonderheyde
Mission Specialist

open multiple ports with ansible.posix.firewalld module

Hello learning community,

I am stuck with a small ansible problem.

Does anyone have an idea how to nicely open multiple ports in a minimum of playbook tasks?

I want to open the ports below, but a loop seems not to be working with the ansible.posix.firewalld module.

I want to open all the following ports:

port 7/53 for udp and tcp

port 67-69 udp

port 80, 443, 5646, 5671, 8000, 8149, 9090 tcp 

The following snippet is not working:

  - name: configure access to required tcp network ports
    ansible.posix.firewalld:
      port: "{{ item }}/tcp”
      immediate: true
      permanent: true
      state: enabled
    with_items:
      - 7
      - 53
      - 80
      - 443
      - 5646
      - 5671
      - 8000
      - 8140
      - 9090
 
 
0 Kudos
5 Replies
wbialy
Flight Engineer

I can see that there is an issue with the closing " in the port line, but that is probably a copy-paste issue.

I tried with a loop and this works for me:

 

---
- name: Test
  hosts: ansible1
  become: true
  vars:
    ports:
      - 7
      - 53
      - 80
      - 443
      - 5646
      - 5671
      - 8000
      - 8140
      - 9090
  tasks:
    - name: configure access to required tcp network ports
      ansible.posix.firewalld:
        port: "{{ item }}/tcp"
        immediate: true   # apply to the running configuration
        permanent: true   # persist across reloads and reboots
        state: enabled
      loop: "{{ ports }}"

0 Kudos
hvonderheyde
Mission Specialist

Hello wbialy,

So ports as variables in the playbook is working. I should have tried this. Many thanks for your help and reply!

 

regards Hendrik 

0 Kudos
wbialy
Flight Engineer

Also, if you want to open a range, you can add the range to the vars list like this:

  vars:
    ports:
      - 7
      - 53
      - 80
      - 443
      - '67-69'

 

0 Kudos
Travis
Moderator

@hvonderheyde -

I show this in my courses generally and also demo creating it as a role. 

https://galaxy.ansible.com/ui/standalone/roles/tmichett/manage_firewall/

https://github.com/tmichett/manage_firewall

You can provide a list of ports/protocols. Some of the examples above would result in a TCP protocol only. Again, those are examples above that you could easily modify.

 

---
- name: Manage Firewall
  hosts: serverc
  vars:
    fw:
      - fw_port: 8080
        fw_proto: tcp
      - fw_port: 9090
        fw_proto: tcp
    fw_svc:
      - fw_svc_name: http
      - fw_svc_name: https
  roles:
    - tmichett.manage_firewall

One other way, using items from either the role task example here or the examples above: you could modify the list of ports to have the protocol also attached.

  vars:
    fw_ports_prots:
      - 8080/tcp
      - 9090/tcp
      - 67/udp
  tasks:
    - name: configure access to required tcp network ports
      ansible.posix.firewalld:
        port: "{{ item }}"   # each list entry already carries its protocol
        immediate: true
        permanent: true
        state: enabled
      loop: "{{ fw_ports_prots }}"

 

 

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
0 Kudos
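
Added example (not part of the thread, and not code from the tmichett.manage_firewall role): one play that covers the original question's mixed TCP/UDP list by building the port/protocol strings with the product filter, then reads the result back with firewall-cmd --list-ports so that missing or unexpected open ports are visible. The variable names tcp_ports, udp_ports and wanted_ports are assumptions; the host name is reused from the reply above.

```yaml
---
- name: Open the TCP and UDP ports from the question in one task
  hosts: ansible1                 # host name reused from the reply above
  become: true
  vars:
    # 8140 as in the posted playbooks (the question's prose list says 8149)
    tcp_ports: [7, 53, 80, 443, 5646, 5671, 8000, 8140, 9090]
    udp_ports: [7, 53, '67-69']
    # Builds ["7/tcp", ..., "9090/tcp", "7/udp", "53/udp", "67-69/udp"]
    wanted_ports: >-
      {{ (tcp_ports | product(['tcp']) | map('join', '/') | list)
         + (udp_ports | product(['udp']) | map('join', '/') | list) }}
  tasks:
    - name: Open every port/protocol pair
      ansible.posix.firewalld:
        port: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop: "{{ wanted_ports }}"

    - name: Read back the ports open in the default zone
      ansible.builtin.command: firewall-cmd --list-ports
      register: open_ports
      changed_when: false         # read-only check, never reports a change

    - name: Fail if a wanted port is missing and report any extra open port
      ansible.builtin.assert:
        that: wanted_ports | difference(open_ports.stdout.split()) | length == 0
        fail_msg: "Not open: {{ wanted_ports | difference(open_ports.stdout.split()) }}"
        success_msg: "Extra open ports: {{ open_ports.stdout.split() | difference(wanted_ports) }}"
```

No zone is set, so both the firewalld task and firewall-cmd act on the default zone; ports listed as extra are open on the host but absent from the playbook and are worth reviewing.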
hvonderheyde
Mission Specialist

This is great. Many thanks Travis for this prompt solution, very much appreciated. Btw. very impressive list of certifications!

 

regards Hendrik 

0 Kudos