Add possibility to add Firewall Rules

NETWAYS / ansible-collection-elasticstack

A collection to install and manage the Elastic Stack

GNU General Public License v3.0

9 stars 8 forks source link

Add possibility to add Firewall Rules #204

Closed psteinmetzcid closed 11 months ago

psteinmetzcid commented 1 year ago

Our servers are additionally protected by ufw.

A great addition would be the automatic configuration of the firewall rules (ufw/firewalld) during the installation of the stack.

martialblog commented 1 year ago

Hey, personally I think this is out-out-scope for the collection. Since we cannot anticipate every possible firewall configuration/tooling on the nodes.

My suggestion is to have pre_tasks, with custom Ansible code to take care of this.

What do you think @widhalmt @DanOPT ?

This is similar to in-scope-out-out-scope discussion here

https://github.com/NETWAYS/ansible-collection-elasticstack/issues/177

widhalmt commented 11 months ago

Hey, thanks for the input.

Personally I'd say firewall configuration is still a bit more out of scope than installation of specific versions or setting them on hold. We usually use https://github.com/geerlingguy/ansible-role-firewall as a combination for managing the firewall.

lcndsmr commented 11 months ago

To add my two cents: Firewall rules are imo definitely out of scope, i don't think we should add this to the collection, please see already existing roles.

Closing this issue now