rich_rules and port ranges #6

Open
tuxpeople opened this issue Jun 17, 2021 · 1 comment

@tuxpeople

Hi

Thanks a lot for those incredible roles!

I am using this role for the deployment of a Kubernetes cluster. While doing this, I found two things which I think are currently not possible with your role.

1.) I wanted to configure Firewalld to open the whole range of standard nodeports, which is 30000-32767/tcp. I was able to do so with Ubuntu, defining 30000:32767 as the name and tcp as the protocol. The colon is important (it's UFW syntax). Doing the same with CentOS 8 was not possible, because a) in Firewalld a range has a dash, not a colon (e.g. 30000-32767). But this change didn't help, as b) the role opens services and not ports, and Firewalld needs the range to be a port, not a service, AFAIK.

2.) I also used your keepalived role in this project. As that role doesn't open the firewall, I wanted to do this with your firewall role, but I didn't find a way. Therefore, my playbook looks like this:

```yaml
    - name: Firewall
      import_role:
        name: robertdebock.roles.firewall

    # VRRP has no port, so it cannot be expressed as a service/port entry;
    # a firewalld rich rule matching the protocol is used instead.
    - name: "Open Firewall for vrrp (keepalived)"
      firewalld:
        rich_rule: rule protocol value="vrrp" accept
        permanent: yes    # persist in the permanent configuration
        state: enabled
        immediate: yes    # also apply to the running configuration now
```

Is there a way this can be done with this role?

@robertdebock
Owner

This is currently not possible; I've kept the role quite simple to allow the role to be used on many distributions...

This is quite a hard one; such a rich_rule is only applicable to firewalld, not ufw.

Either make a suggestion (pull request) or give this some time to address.

Thanks for the feedback!

flybyray added a commit to flybyray/ansible-role-firewall that referenced this issue Jan 16, 2022
port range support for firewalld could be done like this.

Might be helpful in [robertdebock#6](robertdebock#6)

```yaml
      firewall_services:
        - name: 30000-32767
          protocol: tcp
          range: true

```
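The two points raised in this thread (a port range is written `30000:32767` for ufw but `30000-32767` for firewalld and must be a port, not a service; a protocol-only rule such as VRRP needs a firewalld rich rule) come down to one mapping from a distribution-neutral entry to backend-specific commands. The following is an added example written for this page, not code from the role, the thread or the referenced commit. `FirewallEntry`, `parse_ports`, `firewalld_commands`, `ufw_commands` and the default zone `public` are assumptions chosen for illustration; the entry shape is modelled on the `firewall_services` list in the commit above but accepts either range notation instead of needing a `range: true` flag. It goes slightly beyond the thread by also handling single ports and named services, and it refuses inverted or out-of-range bounds rather than handing them to the firewall.

```python
"""Added example (not the role's code): translate one distribution-neutral
firewall entry into firewall-cmd (firewalld) or ufw commands, handling the
port-range syntax difference and protocol-only rules such as VRRP.
All names here are assumptions made for this example."""
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Accept both notations a user might write: ufw "30000:32767" or firewalld "30000-32767".
_RANGE = re.compile(r"^(\d{1,5})[-:](\d{1,5})$")


@dataclass(frozen=True)
class FirewallEntry:
    """One rule. name=None means 'the whole protocol' (e.g. vrrp, which has no ports)."""
    name: Optional[str]
    protocol: str = "tcp"


def parse_ports(name: str) -> Optional[Tuple[int, int]]:
    """Return (low, high) for a port or port range; None for a named service like 'ssh'.
    Rejects inverted or out-of-range bounds early instead of letting the firewall
    backend accept or silently mangle them."""
    m = _RANGE.match(name)
    if m:
        lo, hi = int(m.group(1)), int(m.group(2))
    elif name.isdigit():
        lo = hi = int(name)
    else:
        return None
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port range: {name!r}")
    return lo, hi


def firewalld_commands(entry: FirewallEntry, zone: str = "public") -> List[str]:
    """firewall-cmd invocations: once for the running config and once with
    --permanent, which is what the Ansible firewalld module's
    immediate: yes + permanent: yes amounts to (a bare --reload after only the
    --permanent call would work too, but also drops any runtime-only rules)."""
    if entry.name is None:
        # No port concept for vrrp/ospf/etc.: firewalld expresses this as a rich rule.
        rich = f'rule protocol value="{entry.protocol}" accept'
        arg = f"--add-rich-rule={shlex.quote(rich)}"
    else:
        ports = parse_ports(entry.name)
        if ports is None:
            arg = f"--add-service={entry.name}"  # predefined service definition, e.g. 'https'
        else:
            lo, hi = ports
            spec = f"{lo}-{hi}" if lo != hi else str(lo)  # firewalld ranges use a dash
            arg = f"--add-port={spec}/{entry.protocol}"  # a range must be a port, not a service
    return [
        f"firewall-cmd --zone={zone} {arg}",
        f"firewall-cmd --permanent --zone={zone} {arg}",
    ]


def ufw_commands(entry: FirewallEntry) -> List[str]:
    """ufw rules are stored and applied in one step, so a single command suffices."""
    if entry.name is None:
        # ufw's rule grammar only knows a fixed protocol list (tcp, udp, ah, esp,
        # gre, ipv6, igmp); vrrp is not among them, so such a rule has to be
        # added to /etc/ufw/before.rules by hand rather than generated here.
        raise ValueError(f"ufw cannot express a protocol-only rule for {entry.protocol!r}")
    ports = parse_ports(entry.name)
    if ports is None:
        return [f"ufw allow {entry.name}"]  # name from /etc/services or an app profile
    if entry.protocol not in ("tcp", "udp"):
        raise ValueError("ufw port rules require tcp or udp")
    lo, hi = ports
    spec = f"{lo}:{hi}" if lo != hi else str(lo)  # ufw ranges use a colon
    return [f"ufw allow {spec}/{entry.protocol}"]


if __name__ == "__main__":
    # Constructed sample: the Kubernetes NodePort range and keepalived's VRRP.
    entries = [FirewallEntry("30000-32767", "tcp"), FirewallEntry(None, "vrrp")]
    for backend in (firewalld_commands, ufw_commands):
        for e in entries:
            try:
                print("\n".join(backend(e)))
            except ValueError as err:
                print(f"# {backend.__name__}: {err}")
```

The generated firewalld rich rule is the same one the playbook in the first comment passes to the `firewalld` module; quoting it with `shlex.quote` matters only when the string is handed to a shell, and is harmless otherwise.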