win_firewall_rule – Windows firewall automation

New in version 2.0.

Synopsis

  • Allows you to create/remove/update firewall rules.

Parameters

Parameter Choices/Defaults Comments
action
- / required
    Choices:
  • allow
  • block
What to do with the items this rule is for.
description
-
Description for the firewall rule.
direction
- / required
    Choices:
  • in
  • out
Is this rule for inbound or outbound traffic.
enabled
boolean
    Choices:
  • no
  • yes ←
Is this firewall rule enabled or disabled.

aliases: enable
force
boolean
    Choices:
  • no ←
  • yes
Replace any existing rule by removing it first.
This is no longer required in 2.4 as rules no longer need replacing when being modified.
DEPRECATED in 2.4 and will be removed in 2.9.
localip
-
Default:
"any"
The local ip address this rule applies to.
localport
-
The local port this rule applies to.
name
- / required
The rules name
profiles
list
Default:
"domain,private,public"
The profile this rule applies to.

aliases: profile
program
-
The program this rule applies to.
protocol
-
Default:
"any"
The protocol this rule applies to.
remoteip
-
Default:
"any"
The remote ip address/range this rule applies to.
remoteport
-
The remote port this rule applies to.
service
-
The service this rule applies to.
state
-
    Choices:
  • absent
  • present ←
Should this rule be added or removed.

Examples

- name: Firewall rule to allow SMTP on TCP port 25
  win_firewall_rule:
    name: SMTP
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow RDP on TCP port 3389
  win_firewall_rule:
    name: Remote Desktop
    localport: 3389
    action: allow
    direction: in
    protocol: tcp
    profiles: private
    state: present
    enabled: yes

Status

Authors

  • Artem Zinenko (@ar7z1)
  • Timothy Vandenbrande (@TimothyVandenbrande)

Hint

If you notice any issues in this documentation you can edit this document to improve it.