From 3db5b84a0f4a06bdda700af44e0bfebdee2ac969 Mon Sep 17 00:00:00 2001
From: Jonathan DeMasi
Date: Fri, 17 Apr 2026 22:29:41 -0600
Subject: [PATCH] clean up some peer firewall stuff
---
 ansible/roles/netbird_peer/tasks/main.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/ansible/roles/netbird_peer/tasks/main.yaml b/ansible/roles/netbird_peer/tasks/main.yaml
index 9b5e991..cf3711b 100644
--- a/ansible/roles/netbird_peer/tasks/main.yaml
+++ b/ansible/roles/netbird_peer/tasks/main.yaml
@@ -63,3 +63,23 @@
 - name: Run netbird up with setup key
 command:
 cmd: /usr/local/bin/netbird up --setup-key {{ netbird_setup_key }} --management-url https://netbird.jthan.io:443
+
+- name: Create netbird firewalld zone
+ ansible.posix.firewalld:
+ zone: netbird
+ state: present
+ permanent: true
+
+- name: Set netbird zone target to ACCEPT
+ ansible.posix.firewalld:
+ zone: netbird
+ state: present
+ permanent: true
+ target: ACCEPT
+
+- name: Add netbird interface to netbird zone
+ ansible.posix.firewalld:
+ zone: netbird
+ interface: wt0
+ permanent: true
+ state: enabled
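Review bot: The `target: ACCEPT` task makes firewalld accept every packet that arrives on `wt0`, so any peer the NetBird policy lets through can reach every listening port on this host and the host firewall adds no second layer. Unless that is the intent, leave the zone on its default target and open only what peers need, e.g. a task with `service: ssh`, `permanent: true`, `state: enabled` (ssh here is a constructed example); if it is the intent, say so in a comment above the task, such as `# overlay traffic is filtered only by NetBird access policies`. Separately, all three tasks set `permanent: true` without `immediate: true` and none notifies a handler, so as far as this hunk shows the new zone and the interface binding do not reach the running firewalld until it is reloaded; a reload step after zone creation would close that gap, though one may exist outside the hunk.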