community.windows.win_firewall – Enable or disable the Windows Firewall

Note

This plugin is part of the community.windows collection (version 1.3.0).

To install it use: ansible-galaxy collection install community.windows.

To use it in a playbook, specify: community.windows.win_firewall.

Synopsis

  • Enable or Disable Windows Firewall profiles.

Requirements

The below requirements are needed on the host that executes this module.

  • This module requires Windows Management Framework 5 or later.

Parameters

Parameter Choices/Defaults Comments
inbound_action
string
added in 1.1.0 of community.windows
    Choices:
  • allow
  • block
  • not_configured
Set to allow or block inbound network traffic in the profile.
not_configured is valid when configuring a GPO.
outbound_action
string
added in 1.1.0 of community.windows
    Choices:
  • allow
  • block
  • not_configured
Set to allow or block inbound network traffic in the profile.
not_configured is valid when configuring a GPO.
profiles
list / elements=string
    Choices:
  • Domain ←
  • Private ←
  • Public ←
Default:
["Domain", "Private", "Public"]
Specify one or more profiles to change.
state
string
    Choices:
  • disabled
  • enabled
Set state of firewall for given profile.

See Also

See also

community.windows.win_firewall_rule

The official documentation on the community.windows.win_firewall_rule module.

Examples

- name: Enable firewall for Domain, Public and Private profiles
  community.windows.win_firewall:
    state: enabled
    profiles:
    - Domain
    - Private
    - Public
  tags: enable_firewall

- name: Disable Domain firewall
  community.windows.win_firewall:
    state: disabled
    profiles:
    - Domain
  tags: disable_firewall

- name: Enable firewall for Domain profile and block outbound connections
  community.windows.win_firewall:
    profiles: Domain
    state: enabled
    outbound_action: block
  tags: block_connection

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
enabled
boolean
always
Current firewall status for chosen profile (after any potential change).

Sample:
True
profiles
string
always
Chosen profile.

Sample:
Domain
state
list / elements=string
always
Desired state of the given firewall profile(s).

Sample:
enabled


Authors

  • Michael Eaton (@michaeldeaton)