Ansible:firewalld 和添加新区域

Question

我尝试将以下内容添加到 Ansible 剧本中:

firewall-cmd --permanent --new-zone dockerc
firewall-cmd --permanent --zone dockerc --add-source 172.17.0.0/16
firewall-cmd --permanent --zone dockerc --add-port 8443/tcp
firewall-cmd --permanent --zone dockerc --add-port 53/udp

但是根据http://docs.ansible.com/ansible/firewalld_module.html区域没有添加新区域的选项。

有谁知道是否可以使用 Ansible 添加 dockerc 作为新区域？

Answer 1

截至2017年12月12日，具体提交8475171f67f ，firewalld模块支持区域的创建(和删除)。

- firewalld:
    zone: custom
    state: present
    permanent: true

将state设置为present或absent，并确保zone、state > 和 permanent 是任务中唯一的键。

来自 source code 的注释

• Zone transactions (creating, deleting) can be performed by using only the zone and state parameters "present" or "absent". Note that zone transactions must explicitly be permanent. This is a limitation in firewalld. This also means that you will have to reload firewalld after adding a zone that you wish to perfom immediate actions on. The module will not take care of this for you implicitly because that would undo any previously performed immediate actions which were not permanent. Therefor, if you require immediate access to a newly created zone it is recommended you reload firewalld immediately after the zone creation returns with a changed state and before you perform any other immediate, non-permanent actions on that zone.