Add posibility to assign more than one interface to zones

FlatKey · Jun 3, 2020 · fa4ae80 · fa4ae80
1 parent cd52402
commit fa4ae80
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -31,15 +31,6 @@ The following variable is used to define the default zone of firewalld:
 
 ---
 
-The following variables are used to define the interface of a zone (multiple interfaces per zone possible, one interface per line):
-
-```
-    firewalld_zone_interface:
-      public: (required, e.g. eth0)
-```
-
----
-
 The following variables are used to define the source of a zone:
 
 ```
@@ -89,6 +80,21 @@ The following variables are used to define a port rule:
 
 ---
 
+The following variables are used to define which interfaces assigned to zones:
+
+```
+    firewalld_zone_interfaces:
+      - name: trusted
+        interfaces:
+          - eth1
+          - eth2
+      - name: public
+        interfaces:
+          - eth0
+```
+
+---
+
 The following variables are used to define a rich rule: 
 
 ```

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -20,13 +20,15 @@
   changed_when: result.stdout == "success"
   tags: firewalld
 
-- name: set firewalld zone interface
+- name: set firewalld zone interfaces
   shell: |
-    if [[ "$(/bin/firewall-cmd --get-zone-of-interface={{ item.value }})" != "{{ item.key }}" ]]
+    if [[ "$(/bin/firewall-cmd --get-zone-of-interface={{ item.1 }})" != "{{ item.0.name }}" ]]
     then
-      /bin/firewall-cmd --zone={{ item.key }} --add-interface={{ item.value }} --permanent && echo "changed"
+      /bin/firewall-cmd --zone={{ item.0.name }} --add-interface={{ item.1 }} --permanent && echo "changed"
     fi
-  with_dict: "{{ firewalld_zone_interface|default({}) }}"
+  with_subelements: 
+    - "{{ firewalld_zone_interfaces|default([]) }}"
+    - interfaces
   register: shell_result
   changed_when: shell_result.stdout | join('') is search('changed')
   notify: restart firewalld