Deprive access to the server using firewalld (and flush iptables)
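---
# Sample run: ansible-playbook -i 127.0.0.1, firewalld_config.yml
#
# Restricts inbound access to the sources in network_ip_list (placed in the
# trusted zone), removes the ssh service from the external zone and enables
# masquerading in the default zone, then reloads firewalld.
- hosts: all
  name: Setup and configure firewalld
  gather_facts: false
  # connection: local
  become: true  # perform this play as root
  user: root
  vars:
    network_ip_list:
      - "127.0.0.1/24"  # replace with your network address
  tasks:
    - name: Install firewalld
      yum:
        name: firewalld
        state: latest

    - name: Enable and ensure firewalld is running
      service:
        name: firewalld
        state: started
        enabled: true

    # Every source here is fully trusted (all traffic accepted). Make sure the
    # address you manage the host from is included before tightening the
    # other zones.
    - name: Set firewalld to accept all incoming requests from network_ip_list
      firewalld:
        zone: trusted
        source: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop: "{{ network_ip_list }}"

    - name: Set firewalld to add loopback interface to trusted zone
      firewalld:
        zone: trusted
        interface: lo
        permanent: true
        immediate: true
        state: enabled

    # Only the zones listed in the loop lose ssh. While "public" stays commented
    # out, ssh remains allowed in the default zone for any source that is not
    # in network_ip_list.
    - name: Set firewalld to deny all (external) ssh connections
      firewalld:
        service: ssh
        zone: "{{ item }}"
        permanent: true
        immediate: true
        state: disabled
      loop:
        - external
        # - public  # assumed as default zone

    # state drives enable/disable of masquerading; no zone given, so this
    # applies to the default zone. Not immediate: the reload below applies it.
    # NOTE(review): masquerading implies firewalld turns on IPv4 forwarding —
    # confirm this host is meant to forward traffic.
    - name: Set firewalld to enable masquerade in the default zone
      firewalld:
        masquerade: true
        state: enabled
        permanent: true

    - name: Reload firewalld service
      systemd:
        name: firewalld
        state: reloaded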
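#!/usr/bin/env bash
# Drop all firewalld zone overrides and flush the iptables filter table, then
# reload firewalld so it rebuilds its rules from the packaged defaults.
#
# docs
# https://docs.docker.com/network/iptables/
# https://firewalld.org/documentation/man-pages/firewall-cmd.html
set -euo pipefail

# Removing zone files and editing iptables both need root; fail early instead
# of leaving the firewall half-reset.
if [[ "${EUID}" -ne 0 ]]; then
  echo "this script must be run as root" >&2
  exit 1
fi

# Zone overrides live under /etc/firewalld/zones; removing them makes firewalld
# fall back to the packaged zone definitions. Any custom zone XML is lost.
rm -rf /etc/firewalld/zones  # flushes all zones

# Without -t these act on the filter table only: nat/mangle (e.g. Docker's
# chains in the nat table) are left alone, and chain policies are not reset.
iptables -F  # flushes all chains
iptables -X  # deletes user-defined chains
iptables -Z  # zeroes chains counter

systemctl reload firewalld  # firewall-cmd --reload
#reboot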