Closed jmarrero closed 2 years ago
Thanks so much for working on this! Have you gotten as far as testing that firewalld starts up and is working with this?
Yes Sir :grin:
[core@tutorial ~]$ rpm-ostree status
State: idle
Deployments:
● ostree-unverified-registry:quay.io/jmarrero_rh/my-custom-fcos:ansible
Digest: sha256:c58d5027296e320bcd9447825be8ba58addd97adc8f999da42b03195c8cc97b0
Timestamp: 2022-05-10T13:32:46Z
ostree-unverified-registry:quay.io/coreos-assembler/fcos:testing-devel
Digest: sha256:ee85bf2b3a7b9a8bdea43900ddf4cf461d4ebbbccc3fd70ca21a7fcd2f497463
Version: 35.20220509.20.0 (2022-05-09T22:07:20Z)
[core@tutorial ~]$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-05-10 13:33:29 UTC; 38s ago
Docs: man:firewalld(1)
Main PID: 965 (firewalld)
Tasks: 2 (limit: 9423)
Memory: 42.4M
CPU: 716ms
CGroup: /system.slice/firewalld.service
└─ 965 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
May 10 13:33:28 tutorial systemd[1]: Starting firewalld - dynamic firewall daemon...
May 10 13:33:29 tutorial systemd[1]: Started firewalld - dynamic firewall daemon.
[core@tutorial ~]$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens8
sources:
services: dhcpv6-client mdns ssh
ports: 80/tcp 443/tcp 1936/tcp 2379/tcp 2380/tcp 3306/tcp 5050/tcp 6080/tcp 6180/tcp 6181/tcp 6183/tcp 6385/tcp 6443/tcp 8089/tcp 9001/tcp 9100-9103/tcp 9105-9106/tcp 9200-9219/tcp 9258/tcp 9444-9447/tcp 9537/tcp 9641-9644/tcp 9978-9979/tcp 10010/tcp 10250-10251/tcp 10255-10259/tcp 10263/tcp 10357/tcp 10443-10444/tcp 17697/tcp 22623-22624/tcp 60000/tcp 500/udp 4500/udp 4789/udp 6081/udp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[core@tutorial ~]$
Ok I think I found a bug with the firewalld component of Ansible https://github.com/ansible-collections/ansible.posix/issues/357. But this is now ready for review.
Adds example using Ansible to configure firewalld.