Ansible is great for configuring a host-based firewall such as firewalld. One thing you will notice is that we use the with_items parameter a lot; it is very useful in this case because each item carries a number of parameters.
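# Open or close individual ports in a firewalld zone. Each loop item carries
# the port, protocol, desired state and zone for one rule.
# permanent + immediate: the rule is written to the saved configuration and
# also applied to the running firewall, so it takes effect now and is kept
# across a reload or reboot.
# NOTE(review): immediate changes need a running firewalld daemon; confirm
# the service is started before this task runs.
- name: FirewallD Rules (Ports)
  firewalld:
    permanent: true
    immediate: true
    port: "{{ item.port }}/{{ item.proto }}"
    state: "{{ item.state }}"
    zone: "{{ item.zone }}"
  with_items:
    - {port: "80", proto: "tcp", state: "enabled", zone: "public"}
    # NOTE(review): HTTP runs over TCP; confirm 80/udp is needed before
    # exposing it in the public zone.
    - {port: "80", proto: "udp", state: "enabled", zone: "public"}
    # state "disabled" removes the port from the zone, i.e. closes it.
    # NOTE(review): with 443 closed and 80 open, only plaintext HTTP is
    # reachable through this zone; confirm that is intended.
    - {port: "443", proto: "tcp", state: "disabled", zone: "public"}
    - {port: "443", proto: "udp", state: "disabled", zone: "public"}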
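# Enable or disable named firewalld services in a zone. Each loop item
# carries the service name, desired state and zone.
# permanent + immediate: the change is saved and also applied to the running
# firewall.
- name: FirewallD Rules (Services)
  firewalld:
    permanent: true
    immediate: true
    service: "{{ item.service }}"
    state: "{{ item.state }}"
    zone: "{{ item.zone }}"
  with_items:
    # Removes the cockpit service from the public zone, so the firewall no
    # longer allows the Cockpit web console there. This only changes the
    # firewall rule; it does not stop or disable Cockpit itself.
    - {service: "cockpit", state: "disabled", zone: "public"}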
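# Start firewalld now and enable it at boot, so the rules stay enforced
# after a restart.
# NOTE(review): firewalld tasks that set immediate need the daemon running;
# consider placing this task before the rule tasks.
# NOTE(review): only this task is limited to RedHat 8; the rule tasks in this
# listing show no matching condition. Confirm which hosts they target.
- name: Turn on Firewalld.service on Compute Nodes
  systemd:
    name: firewalld
    state: started
    enabled: true
  # List entries under "when" are combined with AND. The major version fact
  # is a string, hence the quoted "8".
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version == "8"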
References: