
firewalld - Manage arbitrary ports/services with firewalld

New in version 1.4.

Synopsis

This module adds or removes firewalld services, ports (TCP or UDP), rich rules, source networks and interfaces, in either the running (runtime) or the permanent firewalld configuration.

Requirements (on host that executes module)

  • firewalld >= 0.2.11

Options

immediate (added in 1.9)
    required: no
    Apply the change to the running configuration as well when permanent=true. Without it, a permanent-only change takes effect only after the next firewalld reload or reboot.

interface (added in 2.1)
    required: no
    The interface you would like to add/remove to/from a zone in firewalld.

permanent
    required: no
    Whether the change is written to the permanent configuration, which persists across reboots. If false (the default), only the running firewalld configuration is changed, and the change is lost on the next firewalld reload or reboot.

port
    required: no
    Port or port range to add/remove to/from firewalld. Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges (for example 8081/tcp or 161-162/udp).

rich_rule
    required: no
    Rich rule to add/remove to/from firewalld, written in firewalld's rich language syntax.

service
    required: no
    Name of a firewalld service to add/remove. The service must be one firewalld knows about, i.e. defined by a service XML file under /usr/lib/firewalld/services/ or /etc/firewalld/services/ (list them with firewall-cmd --get-services); the name is not looked up in /etc/services.

source (added in 2.0)
    required: no
    The source address/network (for example 192.168.1.0/24) you would like to add/remove to/from a zone in firewalld.

state
    required: yes
    choices: enabled, disabled
    Whether the given port, service, rich rule, source or interface should be present in (enabled) or absent from (disabled) the firewalld configuration. Note that disabled removes the rule rather than adding a reject rule; traffic then falls back to the zone's default behaviour.

timeout
    required: no
    The amount of time, in seconds, the rule should be in effect for when non-permanent.

zone
    required: no
    default: system default (public)
    choices: work, drop, internal, external, trusted, home, dmz, public, block
    The firewalld zone to add/remove to/from (NOTE: the default zone can be configured per system, but "public" is the upstream default. The available choices can be extended by per-system configuration; listed here are the "out of the box" defaults).

Examples

# open the https service in the default zone, permanently (applied on next reload/reboot)
- firewalld: service=https permanent=true state=enabled
# remove a single port from the permanent configuration
- firewalld: port=8081/tcp permanent=true state=disabled
# open a udp port range (SNMP and SNMP traps)
- firewalld: port=161-162/udp permanent=true state=enabled
# open a service in a specific zone
- firewalld: zone=dmz service=http permanent=true state=enabled
# add a rich rule (rate-limited audit of ftp)
- firewalld: rich_rule='rule service name="ftp" audit limit value="1/m" accept' permanent=true state=enabled
# bind a source network to a zone in the running configuration only
- firewalld: source='192.168.1.0/24' zone=internal state=enabled
# bind an interface to the trusted zone permanently
- firewalld: zone=trusted interface=eth2 permanent=true state=enabled
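
The following playbook is an added example; it is not part of the original module documentation or of the firewalld module's own code. It assumes a host group named webservers, the stock public zone, an admin subnet of 192.168.100.0/24 (constructed for the example) and firewall-cmd on the path. It shows the difference the permanent and immediate options make, a timed runtime-only exception, a source-restricted rich rule, and a read-back of the running zone so the play fails if the firewall does not end up in the intended state.

```yaml
# Added example (not from the Ansible docs or the firewalld module source).
# Assumes: hosts in the "webservers" group run firewalld with the default
# "public" zone, and the firewall-cmd binary is on PATH.
- hosts: webservers
  become: yes
  tasks:
    # permanent=true alone only writes the saved configuration; immediate=true
    # (module option added in Ansible 1.9) applies it to the running firewall
    # as well, so the change is live now and also survives a reboot.
    - name: allow https now and after reboot
      firewalld:
        service: https
        permanent: true
        immediate: true
        state: enabled

    # Closing a port: remove it from both configurations, otherwise the saved
    # copy reopens it at the next firewalld reload or reboot.
    - name: close a retired admin port
      firewalld:
        port: 8081/tcp
        permanent: true
        immediate: true
        state: disabled

    # A temporary runtime-only exception: no permanent=true, so it is never
    # written to disk and firewalld drops it after the timeout (seconds).
    - name: open a 10 minute window for a database migration
      firewalld:
        port: 5432/tcp
        zone: internal
        timeout: 600
        state: enabled

    # Restrict rather than open: accept ssh only from the admin subnet
    # (192.168.100.0/24 is a constructed value) and log it at most once a
    # minute. On its own this is just an additional accept rule; the plain
    # "ssh" service entry must also be removed from the zone for the
    # restriction to have any effect.
    - name: rich rule limiting ssh to the admin network
      firewalld:
        rich_rule: 'rule family="ipv4" source address="192.168.100.0/24" service name="ssh" log prefix="ssh-admin " limit value="1/m" accept'
        permanent: true
        immediate: true
        state: enabled

    # Verify what the running firewall actually does instead of trusting the
    # module's "changed" status.
    - name: read back the running public zone
      command: firewall-cmd --zone=public --list-all
      changed_when: false
      register: public_zone

    - name: fail if the retired port is still open or https is missing
      assert:
        that:
          - "'8081/tcp' not in public_zone.stdout"
          - "'https' in public_zone.stdout"
```

Run it with ansible-playbook against an inventory containing the webservers group. One caveat worth keeping in mind: firewall-cmd --reload replaces the running configuration with the permanent one, so a runtime-only change such as the timed port above disappears on a reload as well as when its timeout expires.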
                  

Notes

Note

Not tested on any Debian based system.

Note

Requires the python2 bindings of firewalld, which may not be installed by default if the distribution has switched to python 3.

This is an Extras Module

For more information on what this means please read Extras Modules.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.