firewall mod

ef6a148b · ChongmingDu · 560c560d · ef6a148b · ef6a148b
Commit ef6a148b authored Feb 18, 2019 by ChongmingDu
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 0 deletions

roles/base/files/firewall.sh
+12 -0

roles/base/tasks/main.yml
+8 -0

No files found.
--- a/roles/base/files/firewall.sh
+++ b/roles/base/files/firewall.sh
+#!/bin/bash
+#setting firewall configure
+systemctl start firewalld.service  && systemctl enable firewalld.service
+firewall-cmd --permanent --add-port=19221/tcp
+firewall-cmd --permanent --add-port=80/tcp
+firewall-cmd --permanent --add-service=http
+firewall-cmd --permanent --add-service=https
+firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.16.233.0/20" port protocol="tcp" port="1-65535" accept"
+firewall-cmd --permanent --add-port=9527/tcp
+firewall-cmd --reload
+firewall-cmd --list-all
\ No newline at end of file
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -7,6 +7,14 @@
 - name: "Initialization OS"
  shell: /bin/bash /tmp/init.sh

+- name: "firewall shell"
+  copy:
+      src: firewall.sh
+      dest: /tmp/firewall.sh
+
+- name: "run firewall"
+  shell: /bin/bash /tmp/firewall.sh
+
 - name: "add logrotate file mongo"
  copy:
      src: mongo