Add some more sane defaults to firewalld

2025-12-28 13:41:45 -07:00
parent 5282bdcf6d
commit cb4b3cd6f1
1 changed files with 24 additions and 0 deletions
--- a/ansible/roles/common/tasks/main.yaml
+++ b/ansible/roles/common/tasks/main.yaml
@@ -14,3 +14,27 @@
    state: started
    enabled: true

+- name: Add ssh to firewalld
+  ansible.posix.firewalld:
+    service: ssh
+    state: enabled
+    permanent: true
+    immediate: true
+    offline: true
+
+- name: Add dhcpv6-client to firewalld
+  ansible.posix.firewalld:
+    service: dhcpv6-client
+    state: enabled
+    permanent: true
+    immediate: true
+    offline: true
+
+- name: Disallow cockpit firewalld
+  ansible.posix.firewalld:
+    service: cockpit
+    state: disabled
+    permanent: true
+    immediate: true
+    offline: true
+