ansible.posix.firewalld_info – Gather information about firewalld

Note

This plugin is part of the ansible.posix collection (version 1.3.0).

To install it use: ansible-galaxy collection install ansible.posix.

To use it in a playbook, specify: ansible.posix.firewalld_info.

Synopsis

  • This module gathers information about firewalld rules.

Requirements

The below requirements are needed on the host that executes this module.

  • firewalld >= 0.2.11

  • python-firewall

  • python-dbus

Parameters

Parameter (type), Choices/Defaults, Comments

active_zones (boolean)
    Choices: no (default), yes
    Gather information about active zones.

zones (list / elements=string)
    Gather information about specific zones.
    It only works if active_zones is set to false.

Examples

- name: Gather information about active zones
  ansible.posix.firewalld_info:
    active_zones: yes

- name: Gather information about specific zones
  ansible.posix.firewalld_info:
    zones:
      - public
      - external
      - internal

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key (type), Returned, Description

active_zones (boolean), returned: success
    Active zones are gathered only if this is set to true.

collected_zones (list / elements=string), returned: success
    A list of collected zones.
    Sample: ['external', 'internal']

firewalld_info (complex), returned: success
    Returns various information about firewalld configuration.

    default_zones (string), returned: success
        The name of the default zone.
        Sample: public

    version (string), returned: success
        The version information of firewalld.
        Sample: 0.8.2

    zones (complex), returned: success
        A dict of the zones for which information is gathered.

        zone (complex), returned: success
            The zone name registered in firewalld.
            Sample: external

            forward (boolean), returned: success
                The network interface forwarding.
                This parameter is supported on python-firewall 0.9.0 (or later) and is not collected in earlier versions.

            forward_ports (list / elements=string), returned: success
                A list of forwarding port pairs with protocol.
                Sample: ['icmp', 'ipv6-icmp']

            icmp_block_inversion (boolean), returned: success
                The ICMP block inversion to block all ICMP requests.

            icmp_blocks (list / elements=string), returned: success
                A list of blocked ICMP protocols.
                Sample: ['echo-request']

            interfaces (list / elements=string), returned: success
                A list of network interfaces.
                Sample: ['eth0', 'eth1']

            masquerade (boolean), returned: success
                The network interface masquerading.

            ports (list / elements=string), returned: success
                A list of network ports with protocol.
                Sample: [['22', 'tcp'], ['80', 'tcp']]

            protocols (list / elements=string), returned: success
                A list of network protocols.
                Sample: ['icmp', 'ipv6-icmp']

            rich_rules (list / elements=string), returned: success
                A list of rich language rules.
                Sample: ['rule protocol value="icmp" reject', 'rule priority="32767" reject']

            services (list / elements=string), returned: success
                A list of network services.
                Sample: ['dhcp', 'dns', 'ssh']

            source_ports (list / elements=string), returned: success
                A list of network source ports with protocol.
                Sample: [['30000', 'tcp'], ['30001', 'tcp']]

            sources (list / elements=string), returned: success
                A list of source network addresses.
                Sample: ['172.16.30.0/24', '172.16.31.0/24']

            target (string), returned: success
                A list of services in the zone.
                Sample: ACCEPT

undefined_zones (list / elements=string), returned: success
    A list of undefined zones in the zones option.
    undefined_zones will be ignored during the gathering process.
    Sample: ['foo', 'bar']
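
A playbook that registers the module's result and checks every active zone against a local policy, reading the target, masquerade and services fields documented above. This is an added example, not part of the collection's documentation; the play settings, the allowed_services list and the three policy conditions are assumptions to adapt, and it relies on firewalld_info.zones being a dict keyed by zone name as the Return Values describe.

```yaml
- name: Audit active firewalld zones (added example)
  hosts: all
  become: true
  gather_facts: false
  vars:
    # Assumption: the only services this site permits in an active zone.
    allowed_services:
      - ssh
      - dhcpv6-client
  tasks:
    - name: Gather information about active zones
      ansible.posix.firewalld_info:
        active_zones: true
      register: fw

    - name: Show which zones were collected
      ansible.builtin.debug:
        var: fw.collected_zones

    - name: Check each collected zone against the policy
      ansible.builtin.assert:
        that:
          # A zone whose target is ACCEPT lets through anything not matched by a rule.
          - item.value.target != 'ACCEPT'
          # Masquerading is only expected on dedicated gateway hosts (assumed policy).
          - not item.value.masquerade
          # No service outside the allow-list may be open in the zone.
          - item.value.services | difference(allowed_services) | length == 0
        fail_msg: "Zone {{ item.key }} deviates from the firewall policy"
        success_msg: "Zone {{ item.key }} matches the firewall policy"
      loop: "{{ fw.firewalld_info.zones | dict2items }}"
      loop_control:
        label: "{{ item.key }}"
```

Run it with --check disabled or enabled as preferred; the module only reads firewalld state, so the play makes no changes to the host.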


Authors

  • Hideki Saito (@saito-hideki)