Merge pull request #5 from pavel-z1/master

Allow to configure the same service for different zones
FlatKey · Jun 29, 2020 · 47797ad · 47797ad
2 parents 6668c92 + fa4ae80
commit 47797ad
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -31,15 +31,6 @@ The following variable is used to define the default zone of firewalld:
 
 ---
 
-The following variables are used to define the interface of a zone (multiple interfaces per zone possible, one interface per line):
-
-```
-    firewalld_zone_interface:
-      public: (required, e.g. eth0)
-```
-
----
-
 The following variables are used to define the source of a zone:
 
 ```
@@ -89,6 +80,21 @@ The following variables are used to define a port rule:
 
 ---
 
+The following variables are used to define which interfaces assigned to zones:
+
+```
+    firewalld_zone_interfaces:
+      - name: trusted
+        interfaces:
+          - eth1
+          - eth2
+      - name: public
+        interfaces:
+          - eth0
+```
+
+---
+
 The following variables are used to define a rich rule: 
 
 ```

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -20,13 +20,15 @@
   changed_when: result.stdout == "success"
   tags: firewalld
 
-- name: set firewalld zone interface
+- name: set firewalld zone interfaces
   shell: |
-    if [[ "$(/bin/firewall-cmd --get-zone-of-interface={{ item.value }})" != "{{ item.key }}" ]]
+    if [[ "$(/bin/firewall-cmd --get-zone-of-interface={{ item.1 }})" != "{{ item.0.name }}" ]]
     then
-      /bin/firewall-cmd --zone={{ item.key }} --add-interface={{ item.value }} --permanent && echo "changed"
+      /bin/firewall-cmd --zone={{ item.0.name }} --add-interface={{ item.1 }} --permanent && echo "changed"
     fi
-  with_dict: "{{ firewalld_zone_interface|default({}) }}"
+  with_subelements: 
+    - "{{ firewalld_zone_interfaces|default([]) }}"
+    - interfaces
   register: shell_result
   changed_when: shell_result.stdout | join('') is search('changed')
   notify: restart firewalld
@@ -63,7 +65,7 @@
 
 - name: set firewalld service rules
   firewalld:
-    service: "{{ item.key }}"
+    service: "{{ item.value.service | default(item.key) }}"
     permanent: "{{ item.value.permanent|default('true') }}"
     immediate: "{{ item.value.immediate|default('true') }}"
     state: "{{ item.value.state|default('enabled') }}"