Closed metabsd closed 3 years ago
It would be useful; however, the CIS controls that the playbook is attempting to enforce do not have an option for disabling it. The control is to enable firewalld or iptables and then to configure it. I don't configure it because there are too many variables in that, but it really should be for the controls to be correct.
The way around it is to skip the tag(s) for the firewall options when you run the playbook.
You're right. So I will maintain a couple of other configs on our role locally.
Right, either skipping the tag or including your own firewall config file is the best way to handle it. Thanks!
Do you think it would be useful to add the possibility to disable the firewall? A useful option might be disabled. Thx!
https://github.com/dsglaser/cis-security/blob/9388a4a7f0d966af90a300df6884b134ed45e124/dsglaser/cis_security/roles/cis_security/defaults/main.yml#L60