AnsiblePilot — Master Ansible Automation

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible firewalld Module: Open Firewall Ports on RHEL/CentOS (Examples) — Video Tutorial

How to manage firewall ports on RHEL, CentOS, and Fedora using Ansible firewalld module. Open ports, add services, manage zones, and make rules permanent.

Tutorial summary

What you'll learn

  • How to open firewall ports in RedHat-like systems with Ansible?
  • Ansible open firewall ports in RedHat-like systems
  • Parameters
  • Conclusion
  • Open Ports
  • Open a single port
  • Open multiple ports
  • Open port range
  • Add Services
  • Manage Zones

## How to open firewall ports in RedHat-like systems with Ansible?

I'm going to show you a live Playbook and some simple Ansible code. I'm Luca Berton and welcome to today's episode of Ansible Pilot.

## Ansible open firewall ports in RedHat-like systems

Today we're talking about the Ansible module `firewalld`. The full name is `ansible.posix.firewalld`, which means it is part of the collection targeting POSIX platforms. This module requires Ansible 2.9+. It works on RedHat-like systems with firewalld >= 0.2.11 and the Python firewalld bindings. It manages arbitrary ports/services with firewalld.

## Parameters

- **state** _string_ - enabled / present / absent / disabled
- service _string_ - `firewall-cmd --get-services`
- port _string_ - PORT/PROTOCOL or PORT-PORT/PROTOCOL
- permanent _boolean_ - no/yes
- immediate _boolean_ - **no**/yes

The parameter list is pretty wide, but these are the most important options for our use case of opening firewall ports.

The "state" parameter is mandatory and specifies whether to enable or disable a setting. For ports, "enabled" accepts connections and "disabled" rejects them. The options "present" and "absent" are for zone-level operations.

The "service" parameter specifies the name of a service to add to or remove from firewalld. For the full list, run `firewall-cmd --get-services`.

The "port" parameter specifies a port or port range to add to or remove from firewalld. The format is PORT/PROTOCOL, for example `80/tcp` for HTTP connections. You can also specify a range with PORT-PORT/PROTOCOL.

The "permanent" parameter defines whether the configuration should persist across reboots. Note that if "permanent" is no, "immediate" is assumed yes.

The "immediate" parameter applies the change to the running configuration of the system immediately.

## Playbook

Let's jump into a real-life Playbook that opens firewall ports in RedHat-like systems with Ansible.

- verify-firewall.sh

```bash
# Is the firewalld daemon running?
firewall-cmd --state
systemctl status firewalld
# Active zone settings and the services currently allowed
firewall-cmd --list-all
firewall-cmd --list-services
# Package information for the web server used in the playbook
dnf info nginx
```

- firewalld.yml

```yaml
---
- name: firewalld module Playbook
  hosts: all
  become: true
  tasks:
    - name: nginx installed
      ansible.builtin.yum:
        name: nginx
        state: present

    # Allow HTTP and HTTPS both now (immediate) and after reboot (permanent)
    - name: firewalld rules
      ansible.posix.firewalld:
        service: "{{ item }}"
        state: enabled
        permanent: true
        immediate: true
      with_items:
        - http
        - https
```

[code with ❤️ in GitHub](https://github.com/lucab85/ansible-pilot/tree/master/open%20firewall%20ports)

## Conclusion

Now you know how to open firewall ports in RedHat-like systems with Ansible.

## Open Ports

### Open a single port

```yaml
- name: Open HTTP port
  ansible.posix.firewalld:
    port: 80/tcp
    permanent: true
    immediate: true
    state: enabled
  become: true
```

### Open multiple ports

```yaml
- name: Open application ports
  ansible.posix.firewalld:
    port: "{{ item }}"
    permanent: true
    immediate: true
```
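
The "permanent" and "immediate" parameters described above write to two separate configurations, so a host can end up with a runtime rule set that differs from what survives a reboot. The following playbook is an added example, not part of the original tutorial: it enables an explicit allow-list of services and then fails if the runtime and permanent views differ or if the zone allows anything outside the list. The variable names `fw_zone` and `allowed_services`, and their values, are assumptions chosen for illustration.

```yaml
---
# Added example: fw_zone and allowed_services are assumed names and values.
- name: Open only the required services and verify the result
  hosts: all
  become: true
  vars:
    fw_zone: public          # assumed zone; use the zone bound to your interface
    allowed_services:        # assumed allow-list for a web server managed over SSH
      - http
      - https
      - ssh
  tasks:
    - name: Enable each allowed service in runtime and permanent configuration
      ansible.posix.firewalld:
        zone: "{{ fw_zone }}"
        service: "{{ item }}"
        state: enabled
        permanent: true
        immediate: true
      loop: "{{ allowed_services }}"

    # Read-only queries: never report a change
    - name: Read services allowed in the running configuration
      ansible.builtin.command: firewall-cmd --zone={{ fw_zone }} --list-services
      register: runtime_services
      changed_when: false

    - name: Read services allowed in the permanent configuration
      ansible.builtin.command: firewall-cmd --permanent --zone={{ fw_zone }} --list-services
      register: permanent_services
      changed_when: false

    - name: Fail on runtime/permanent drift or on services outside the allow-list
      ansible.builtin.assert:
        that:
          # Same set of services now and after the next reboot
          - runtime_services.stdout.split() | sort == permanent_services.stdout.split() | sort
          # Nothing is exposed that the allow-list does not name
          - runtime_services.stdout.split() | difference(allowed_services) | length == 0
        fail_msg: >-
          Zone {{ fw_zone }}: runtime=[{{ runtime_services.stdout }}]
          permanent=[{{ permanent_services.stdout }}]
          allowed=[{{ allowed_services | join(' ') }}]
```

The assertion also fails on services the zone already allowed before the playbook ran; either add them to `allowed_services` deliberately or remove them with `state: disabled`.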

About this tutorial

  • Author: Luca Berton
  • Difficulty: Beginner
  • Read time: 4 min
  • Category: installation
