community.windows.win_firewall_rule – Windows firewall automation

Note

This plugin is part of the community.windows collection (version 1.3.0).

To install it use: ansible-galaxy collection install community.windows.

To use it in a playbook, specify: community.windows.win_firewall_rule.

Synopsis

  • Allows you to create/remove/update firewall rules.

Parameters

Parameter Choices/Defaults Comments
action
string
    Choices:
  • allow
  • block
What to do with the items this rule is for.
Defaults to allow when creating a new rule.
description
string
Description for the firewall rule.
direction
string
    Choices:
  • in
  • out
Whether this rule is for inbound or outbound traffic.
Defaults to in when creating a new rule.
enabled
boolean
    Choices:
  • no
  • yes
Whether this firewall rule is enabled or disabled.
Defaults to true when creating a new rule.

aliases: enable
group
string
The group name for the rule.
If name is not specified then the module will set the firewall options for all the rules in this group.
icmp_type_code
list / elements=string
The ICMP types and codes for the rule.
This is only valid when protocol is icmpv4 or icmpv6.
Each entry follows the format type:code where type is the type number and code is the code number for that type or * for all codes.
Set the value to just * to apply the rule for all ICMP type codes.
See https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml for a list of ICMP types and the codes that apply to them.
localip
string
The local ip address this rule applies to.
Set to any to apply to all local ip addresses.
Defaults to any when creating a new rule.
localport
string
The local port this rule applies to.
Set to any to apply to all local ports.
Defaults to any when creating a new rule.
Must have protocol set
name
string
The rule's display name.
This is required unless group is specified.
profiles
list / elements=string
The profile this rule applies to.
Defaults to domain,private,public when creating a new rule.

aliases: profile
program
string
The program this rule applies to.
Set to any to apply to all programs.
Defaults to any when creating a new rule.
protocol
string
The protocol this rule applies to.
Set to any to apply to all services.
Defaults to any when creating a new rule.
remoteip
string
The remote ip address/range this rule applies to.
Set to any to apply to all remote ip addresses.
Defaults to any when creating a new rule.
remoteport
string
The remote port this rule applies to.
Set to any to apply to all remote ports.
Defaults to any when creating a new rule.
Must have protocol set
service
string
The service this rule applies to.
Set to any to apply to all services.
Defaults to any when creating a new rule.
state
string
    Choices:
  • absent
  • present ←
Should this rule be added or removed.

Notes

Note

  • Multiple firewall rules can share the same name, if there are multiple matches then the module will set the user defined options for each matching rule.

See Also

See also

community.windows.win_firewall

The official documentation on the community.windows.win_firewall module.

Examples

- name: Firewall rule to allow SMTP on TCP port 25
  community.windows.win_firewall_rule:
    name: SMTP
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow RDP on TCP port 3389
  community.windows.win_firewall_rule:
    name: Remote Desktop
    localport: 3389
    action: allow
    direction: in
    protocol: tcp
    profiles: private
    state: present
    enabled: yes

- name: Firewall rule to be created for application group
  community.windows.win_firewall_rule:
    name: SMTP
    group: application
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Enable all the Firewall rules in application group
  win_firewall_rule:
    group: application
    enabled: yes

- name: Firewall rule to allow port range
  community.windows.win_firewall_rule:
    name: Sample port range
    localport: 5000-5010
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow ICMP v4 echo (ping)
  community.windows.win_firewall_rule:
    name: ICMP Allow incoming V4 echo request
    enabled: yes
    state: present
    profiles: private
    action: allow
    direction: in
    protocol: icmpv4
    icmp_type_code:
    - '8:*'

- name: Firewall rule to alloc ICMP v4 on all type codes
  community.windows.win_firewall_rule:
    name: ICMP Allow incoming V4 echo request
    enabled: yes
    state: present
    profiles: private
    action: allow
    direction: in
    protocol: icmpv4
    icmp_type_code: '*'

Authors

  • Artem Zinenko (@ar7z1)

  • Timothy Vandenbrande (@TimothyVandenbrande)