community.windows.win_firewall_rule – Windows firewall automation
Note
This plugin is part of the community.windows collection (version 1.3.0).
To install it use: `ansible-galaxy collection install community.windows`.
To use it in a playbook, specify: `community.windows.win_firewall_rule`.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
action (string) | | What to do with the items this rule is for. Defaults to `allow` when creating a new rule. |
description (string) | | Description for the firewall rule. |
direction (string) | | Whether this rule is for inbound or outbound traffic. Defaults to `in` when creating a new rule. |
enabled (boolean) | | Whether this firewall rule is enabled or disabled. Defaults to `true` when creating a new rule. aliases: enable |
group (string) | | The group name for the rule. If name is not specified then the module will set the firewall options for all the rules in this group. |
icmp_type_code (list / elements=string) | | The ICMP types and codes for the rule. This is only valid when protocol is `icmpv4` or `icmpv6`. Each entry follows the format `type:code` where `type` is the type number and `code` is the code number for that type or `*` for all codes. Set the value to just `*` to apply the rule for all ICMP type codes. See https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml for a list of ICMP types and the codes that apply to them. |
localip (string) | | The local IP address this rule applies to. Set to `any` to apply to all local IP addresses. Defaults to `any` when creating a new rule. |
localport (string) | | The local port this rule applies to. Set to `any` to apply to all local ports. Defaults to `any` when creating a new rule. Must have protocol set. |
name (string) | | The rule's display name. This is required unless group is specified. |
profiles (list / elements=string) | | The profile this rule applies to. Defaults to `domain,private,public` when creating a new rule. aliases: profile |
program (string) | | The program this rule applies to. Set to `any` to apply to all programs. Defaults to `any` when creating a new rule. |
protocol (string) | | The protocol this rule applies to. Set to `any` to apply to all services. Defaults to `any` when creating a new rule. |
remoteip (string) | | The remote IP address/range this rule applies to. Set to `any` to apply to all remote IP addresses. Defaults to `any` when creating a new rule. |
remoteport (string) | | The remote port this rule applies to. Set to `any` to apply to all remote ports. Defaults to `any` when creating a new rule. Must have protocol set. |
service (string) | | The service this rule applies to. Set to `any` to apply to all services. Defaults to `any` when creating a new rule. |
state (string) | | Should this rule be added or removed. |
Notes
Note
Multiple firewall rules can share the same name. If there are multiple matches, the module will set the user-defined options for each matching rule.
See Also
- community.windows.win_firewall: The official documentation on the community.windows.win_firewall module.
Examples
```yaml
- name: Firewall rule to allow SMTP on TCP port 25
  community.windows.win_firewall_rule:
    name: SMTP
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow RDP on TCP port 3389
  community.windows.win_firewall_rule:
    name: Remote Desktop
    localport: 3389
    action: allow
    direction: in
    protocol: tcp
    profiles: private
    state: present
    enabled: yes

- name: Firewall rule to be created for application group
  community.windows.win_firewall_rule:
    name: SMTP
    group: application
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Enable all the Firewall rules in application group
  community.windows.win_firewall_rule:
    group: application
    enabled: yes

- name: Firewall rule to allow port range
  community.windows.win_firewall_rule:
    name: Sample port range
    localport: 5000-5010
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow ICMP v4 echo (ping)
  community.windows.win_firewall_rule:
    name: ICMP Allow incoming V4 echo request
    enabled: yes
    state: present
    profiles: private
    action: allow
    direction: in
    protocol: icmpv4
    icmp_type_code:
    - '8:*'

- name: Firewall rule to allow ICMP v4 on all type codes
  community.windows.win_firewall_rule:
    # Same rule name as the echo example above, so a rule matching that name gets these options
    name: ICMP Allow incoming V4 echo request
    enabled: yes
    state: present
    profiles: private
    action: allow
    direction: in
    protocol: icmpv4
    icmp_type_code: '*'
```
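An added example, not taken from the module's documentation: because `profiles`, `remoteip` and `program` default to their widest scope when a rule is created, the RDP rule above can be narrowed by setting them explicitly and the broad rule then removed. The subnet `192.0.2.0/24`, the rule name, the group name `remote-admin` and the `rdp_lockdown` variable are constructed placeholders, and CIDR notation is assumed to be an accepted form of the `remoteip` range.

```yaml
# Added example; addresses, names and the rdp_lockdown variable are placeholders.

# Scoped rule: one profile and one source range instead of the creation defaults
# (profiles domain,private,public and remoteip any).
- name: Allow RDP only from the management subnet on the domain profile
  community.windows.win_firewall_rule:
    name: Remote Desktop (management only)
    description: RDP restricted to the management subnet
    group: remote-admin
    localport: 3389
    protocol: tcp
    direction: in
    action: allow
    profiles: domain
    remoteip: 192.0.2.0/24   # assumed CIDR form of the address/range value
    state: present
    enabled: yes

# Remove the broad rule created by the page's RDP example. Rules can share a
# name, so every rule called "Remote Desktop" is matched by this task.
- name: Remove the unscoped RDP rule
  community.windows.win_firewall_rule:
    name: Remote Desktop
    state: absent

# With only group set, the options apply to all rules in that group, which
# gives a single switch for closing remote administration during an incident.
- name: Disable every rule in the remote-admin group
  community.windows.win_firewall_rule:
    group: remote-admin
    enabled: no
  when: rdp_lockdown | default(false)
```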
Authors
Artem Zinenko (@ar7z1)
Timothy Vandenbrande (@TimothyVandenbrande)