dj-wasabi / ansible-zabbix-agent

Installing and maintaining zabbix-agent for RedHat/Debian/Ubuntu/Windows/Suse.
https://galaxy.ansible.com/dj-wasabi/zabbix-agent
MIT License

Specify zone for firewalld rules #260

Closed jonathon2nd closed 5 years ago

jonathon2nd commented 5 years ago

We have servers which use different zones for different networks. The current setup of 'Configure firewalld' task adds to the default zone, which may not be desired. In my case for a number of servers it is not.

It would be nice if an optional var could be added, maybe zabbix_agent_firewalld_zone, which could then be passed into the task. Maybe something like the following?

- name: "Configure firewalld (zabbix_agent_listenport)"
  firewalld:
    rich_rule: 'rule family="ipv4" source address="{{ zabbix_agent_firewalld_source }}" port protocol="tcp" port="{{ zabbix_agent_listenport }}" accept'
    permanent: true
    state: enabled
    zone: "{{ zabbix_agent_firewalld_zone }}"
  become: yes
  when: zabbix_agent_firewalld_enable | bool
  notify:
    - firewalld-reload
  tags: zabbix_agent_firewalld_enable

I am not sure what the logic would look like to allow for the variable to be provided versus not.
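One way to make the zone optional, as an added example that is not part of the original issue or the role's own code: Ansible's `omit` placeholder drops the `zone` argument when the variable is unset, so firewalld falls back to its default zone, and a read-back task confirms the rule landed in the intended zone. The variable `zabbix_agent_firewalld_zone` is the name proposed above; the register name `zabbix_agent_firewalld_rules` and the two check tasks are hypothetical.

```yaml
# Added example, not the role's own tasks.
# Constructed sample inventory value: zabbix_agent_firewalld_zone: internal

- name: "Configure firewalld (zabbix_agent_listenport)"
  firewalld:
    rich_rule: 'rule family="ipv4" source address="{{ zabbix_agent_firewalld_source }}" port protocol="tcp" port="{{ zabbix_agent_listenport }}" accept'
    permanent: true
    state: enabled
    # Variable unset: the zone argument is omitted and the default zone is used.
    # Variable set: the rule is added only to that zone.
    zone: "{{ zabbix_agent_firewalld_zone | default(omit) }}"
  become: yes
  when: zabbix_agent_firewalld_enable | bool
  notify:
    - firewalld-reload
  tags: zabbix_agent_firewalld_enable

# Check: read back the permanent rich rules of the zone that was targeted.
- name: "Read back rich rules (hypothetical check task)"
  command: >-
    firewall-cmd --permanent
    {{ ('--zone=' ~ zabbix_agent_firewalld_zone) if zabbix_agent_firewalld_zone is defined else '' }}
    --list-rich-rules
  register: zabbix_agent_firewalld_rules  # hypothetical register name
  changed_when: false
  become: yes
  when: zabbix_agent_firewalld_enable | bool
  tags: zabbix_agent_firewalld_enable

# Fail the play if the agent port rule is not present in that zone.
- name: "Assert the agent port rule is in the expected zone (hypothetical check task)"
  assert:
    that:
      - >-
        ('port="' ~ zabbix_agent_listenport ~ '"') in zabbix_agent_firewalld_rules.stdout
  when: zabbix_agent_firewalld_enable | bool
  tags: zabbix_agent_firewalld_enable
```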

dj-wasabi commented 5 years ago

PR is merged, so I'll close this one. Thanks again! 👍