win_firewall_rule – Windows firewall automation

Synopsis

  • Allows you to create/remove/update firewall rules.

Parameters

Parameter Choices/Defaults Comments
action
string
    Choices:
  • allow
  • block
Whether traffic matching this rule is allowed or blocked.
Defaults to allow when creating a new rule.
description
string
Description for the firewall rule.
direction
string
    Choices:
  • in
  • out
Whether this rule is for inbound or outbound traffic.
Defaults to in when creating a new rule.
enabled
boolean
    Choices:
  • no
  • yes
Whether this firewall rule is enabled or disabled.
Defaults to true when creating a new rule.

aliases: enable
group
string
added in 2.9
The group name for the rule.
icmp_type_code
list
The ICMP types and codes for the rule.
This is only valid when protocol is icmpv4 or icmpv6.
Each entry follows the format type:code where type is the type number and code is the code number for that type or * for all codes.
Set the value to just * to apply the rule for all ICMP type codes.
See https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml for a list of ICMP types and the codes that apply to them.
localip
string
The local IP address this rule applies to.
Set to any to apply to all local IP addresses.
Defaults to any when creating a new rule.
localport
string
The local port this rule applies to.
Set to any to apply to all local ports.
Defaults to any when creating a new rule.
Requires protocol to be set.
name
string / required
The rule's display name.
profiles
list
The profile this rule applies to.
Defaults to domain,private,public when creating a new rule.

aliases: profile
program
string
The program this rule applies to.
Set to any to apply to all programs.
Defaults to any when creating a new rule.
protocol
string
The protocol this rule applies to.
Set to any to apply to all protocols.
Defaults to any when creating a new rule.
remoteip
string
The remote IP address/range this rule applies to.
Set to any to apply to all remote IP addresses.
Defaults to any when creating a new rule.
remoteport
string
The remote port this rule applies to.
Set to any to apply to all remote ports.
Defaults to any when creating a new rule.
Requires protocol to be set.
service
string
The service this rule applies to.
Set to any to apply to all services.
Defaults to any when creating a new rule.
state
string
    Choices:
  • absent
  • present (default)
Whether this rule should be added or removed.

See Also

win_firewall – Enable or disable the Windows Firewall
The official documentation on the win_firewall module.

Examples

- name: Firewall rule to allow SMTP on TCP port 25
  win_firewall_rule:
    name: SMTP
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow RDP on TCP port 3389
  win_firewall_rule:
    name: Remote Desktop
    localport: 3389
    action: allow
    direction: in
    protocol: tcp
    profiles: private
    state: present
    enabled: yes

- name: Firewall rule to be created for application group
  win_firewall_rule:
    name: SMTP
    group: application
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow port range
  win_firewall_rule:
    name: Sample port range
    localport: 5000-5010
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow ICMP v4 echo (ping)
  win_firewall_rule:
    name: ICMP Allow incoming V4 echo request
    enabled: yes
    state: present
    profiles: private
    action: allow
    direction: in
    protocol: icmpv4
    icmp_type_code:
    - '8:*'

- name: Firewall rule to allow ICMP v4 on all type codes
  win_firewall_rule:
    name: ICMP Allow incoming V4 echo request
    enabled: yes
    state: present
    profiles: private
    action: allow
    direction: in
    protocol: icmpv4
    icmp_type_code: '*'
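
The RDP and ICMP rules above leave remoteip at its default of any. The following added example, which is not part of the module's own documentation, shows the same rules scoped more tightly with remoteip, profiles and a specific icmp_type_code entry, and removes the unrestricted RDP rule with state: absent. The subnet 192.0.2.0/24, the group name remote-admin and the new rule names are constructed placeholders.

```yaml
# Added example, not from the module documentation.
# 192.0.2.0/24 is a constructed placeholder for a management subnet.
- name: Allow RDP only from the management subnet on the domain profile
  win_firewall_rule:
    name: Remote Desktop (management only)
    description: RDP limited to the management subnet
    group: remote-admin          # placeholder group name
    localport: 3389
    remoteip: 192.0.2.0/24       # instead of the default "any"
    action: allow
    direction: in
    protocol: tcp                # localport requires protocol to be set
    profiles: domain
    state: present
    enabled: yes

# Remove the broader rule so it no longer allows RDP from any address.
- name: Remove the unrestricted RDP rule
  win_firewall_rule:
    name: Remote Desktop
    localport: 3389
    action: allow
    direction: in
    protocol: tcp
    state: absent

# Permit only echo request (type 8, code 0) rather than '*' for all type codes.
- name: Allow ICMPv4 echo request from the management subnet only
  win_firewall_rule:
    name: ICMP Allow incoming V4 echo request (management only)
    remoteip: 192.0.2.0/24
    action: allow
    direction: in
    protocol: icmpv4
    icmp_type_code:
    - '8:0'
    profiles: domain
    state: present
    enabled: yes
```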

Authors

  • Artem Zinenko (@ar7z1)
  • Timothy Vandenbrande (@TimothyVandenbrande)
