{"id":25074883,"url":"https://github.com/farisc0de/ansible-role-firewall","last_synced_at":"2026-01-11T02:48:39.896Z","repository":{"id":273129858,"uuid":"918786354","full_name":"farisc0de/ansible-role-firewall","owner":"farisc0de","description":"A flexible firewall management role that supports both firewalld (RedHat) and iptables (Debian)","archived":false,"fork":false,"pushed_at":"2025-01-30T09:02:34.000Z","size":9,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-25T08:47:25.435Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/farisc0de.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-18T21:10:11.000Z","updated_at":"2025-01-30T09:02:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"161166be-f7bb-4318-99d3-62b913dff003","html_url":"https://github.com/farisc0de/ansible-role-firewall","commit_stats":null,"previous_names":["farisc0de/ansible-role-firewall"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farisc0de%2Fansible-role-firewall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farisc0de%2Fansible-role-firewall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farisc0de%2Fansible-role-firewall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farisc0de%2Fansible-role-firewall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/farisc0de","download_url":"https://codeload.github.com/farisc0de/ansible-role-firewall/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246531983,"owners_count":20792735,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-07T00:19:31.491Z","updated_at":"2026-01-11T02:48:39.872Z","avatar_url":"https://github.com/farisc0de.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ansible Role: Firewall\n\nAn Ansible role to manage firewall rules across different Linux distributions. This role automatically detects the target system and applies the appropriate firewall configuration using:\n- `firewalld` for RedHat-based systems (RHEL, CentOS, Fedora)\n- `iptables` for Debian-based systems (Debian, Ubuntu)\n\n## Requirements\n\n- Ansible 2.9 or higher\n- Root privileges on target hosts\n- For RedHat systems: firewalld\n- For Debian systems: iptables and iptables-persistent\n\n## Role Variables\n\nAll variables are defined in `defaults/main.yml`. Here are the key variables you can customize:\n\n```yaml\n# TCP ports to allow (default common ports)\nfirewall_allowed_tcp_ports:\n  - \"80\"   # HTTP\n  - \"443\"  # HTTPS\n  - \"22\"   # SSH\n\n# UDP ports to allow (empty by default)\nfirewall_allowed_udp_ports: []\n\n# Custom rules with source IP restrictions\nfirewall_custom_rules: []  # Format: { port: PORT, protocol: tcp/udp, source: SOURCE_IP }\n\n# Whether to save rules after changes\nfirewall_save_rules: true\n\n# Default policies\nfirewall_default_input_policy: \"DROP\"    # Default: DROP all incoming traffic\nfirewall_default_forward_policy: \"DROP\"   # Default: DROP all forwarded traffic\nfirewall_default_output_policy: \"ACCEPT\"  # Default: ACCEPT all outgoing traffic\n```\n\n### Custom Rules Example\n\nYou can define custom rules with source IP restrictions:\n\n```yaml\nfirewall_custom_rules:\n  - port: \"8080\"\n    protocol: tcp\n    source: \"192.168.1.0/24\"  # Optional: restrict to specific source IP/network\n  - port: \"53\"\n    protocol: udp\n    source: \"10.0.0.0/8\"\n```\n\n## Dependencies\n\nNone.\n\n## Example Playbook\n\nBasic usage:\n\n```yaml\n- hosts: servers\n  become: true\n  roles:\n    - role: ansible-role-firewall\n```\n\nAdvanced usage with custom configuration:\n\n```yaml\n- hosts: servers\n  become: true\n  roles:\n    - role: ansible-role-firewall\n      vars:\n        firewall_allowed_tcp_ports:\n          - \"80\"    # HTTP\n          - \"443\"   # HTTPS\n          - \"22\"    # SSH\n          - \"3306\"  # MySQL\n        firewall_allowed_udp_ports:\n          - \"53\"    # DNS\n        firewall_custom_rules:\n          - port: \"8080\"\n            protocol: tcp\n            source: \"192.168.1.0/24\"\n```\n\n## Role Behavior\n\n### RedHat-based Systems\n- Uses `firewalld` for firewall management\n- Installs and enables firewalld service\n- Configures permanent rules\n- Automatically restarts firewalld when rules change\n\n### Debian-based Systems\n- Uses `iptables` for firewall management\n- Installs iptables and iptables-persistent\n- Saves rules using netfilter-persistent\n- Configures rules with proper state tracking\n\n## Tags\n\nThe role provides several tags for selective execution:\n\n- `firewall`: All firewall-related tasks\n- `firewall_install`: Installation tasks only\n- `firewall_config`: Configuration tasks only\n\n## Security Notes\n\n- The role defaults to a secure configuration with DROP policies for INPUT and FORWARD chains\n- All incoming traffic is denied by default unless explicitly allowed\n- Established connections are automatically allowed\n- Loopback interface traffic is allowed\n- Output traffic is allowed by default but can be restricted by changing `firewall_default_output_policy`\n\n## License\n\nMIT\n\n## Author Information\n\nCreated and maintained by Faris AL-Otaibi.\n\n## Contributing\n\n1. Fork the repository\n2. Create a feature branch\n3. Commit your changes\n4. Push to the branch\n5. Create a new Pull Request\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffarisc0de%2Fansible-role-firewall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffarisc0de%2Fansible-role-firewall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffarisc0de%2Fansible-role-firewall/lists"}