firewalld

# firewalld
## 永久开放TCP端口

```yaml
- name: 修改firewalld规则
  firewalld:
    zone: public # 模块默认为null，firewalld默认为public。
    source: 192.0.2.0/24  # 允许访问端口的IP段
    immediate: true
    offline: true
    permanent: true
    port: '{{ item }}'
    state: enabled
  with_items:
  - 53/udp
  - 8000-8888/tcp  # 开放范围端口
```

## 转发443端口到8443
```
- name: 转发443端口到8443
  firewalld:
    rich_rule: rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443
    zone: public
    permanent: yes
    immediate: yes
    state: enabled
```

## 帮助文档
`ansible-doc firewalld`

```yaml
EXAMPLES:

- firewalld:
    service: https
    permanent: yes
    state: enabled

- firewalld:
    port: 8081/tcp
    permanent: yes
    state: disabled

- firewalld:
    port: 161-162/udp
    permanent: yes
    state: enabled

- firewalld:
    zone: dmz
    service: http
    permanent: yes
    state: enabled

- firewalld:
    rich_rule: rule service name="ftp" audit limit value="1/m" accept
    permanent: yes
    state: enabled

- firewalld:
    source: 192.0.2.0/24
    zone: internal
    state: enabled

- firewalld:
    zone: trusted
    interface: eth2
    permanent: yes
    state: enabled

- firewalld:
    masquerade: yes
    state: enabled
    permanent: yes
    zone: dmz

- firewalld:
    zone: custom
    state: present
    permanent: yes

- firewalld:
    zone: drop
    state: present
    permanent: yes
    icmp_block_inversion: yes

- firewalld:
    zone: drop
    state: present
    permanent: yes
    icmp_block: echo-request

- name: Redirect port 443 to 8443 with Rich Rule
  firewalld:
    rich_rule: rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443
    zone: public
    permanent: yes
    immediate: yes
    state: enabled
```