From 031f818d8e87d54f7082d35ef4a0cb9250f965a0 Mon Sep 17 00:00:00 2001 From: khaledk2 Date: Tue, 17 Dec 2024 13:58:25 +0000 Subject: [PATCH] debug --- ansible/idr-firewall.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ansible/idr-firewall.yml b/ansible/idr-firewall.yml index 18a79c2e..fd980673 100644 --- a/ansible/idr-firewall.yml +++ b/ansible/idr-firewall.yml @@ -70,8 +70,8 @@ - 'rule family="ipv4" state established accept' - 'rule family="ipv4" state related accept' # For OUTPUT (Outgoing Traffic) - - 'rule family="ipv4" direction="out" state established accept' - - 'rule family="ipv4" direction="out" state related accept' + #- 'rule family="ipv4" direction="out" state established accept' + #- 'rule family="ipv4" direction="out" state related accept' # firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -s 192.0.0.0/8 --dport 80 -j ACCEPT # firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -s 192.0.0.0/8 -j ACCEPT @@ -89,6 +89,12 @@ # allow TCP traffic on idr_external_tcp_ports - 'rule family="ipv4" protocol value="tcp" destination port={{ idr_external_tcp_ports | join("," ) }} accept' + - name: Run command + become: true + ansible.builtin.command : + - firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -s 192.0.0.0/8 --dport 80 -j ACCEPT + - firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -s 192.0.0.0/8 -j ACCEPT + - # Use a low priority REJECT rule so that clients can detect when # they've been rejected # The alternative of setting a default DROP policy will leave them
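Review bot: The two outbound `state established` / `state related` accept rules in the first hunk are switched off by commenting them out, with nothing recording why, in a commit titled only "debug". If outbound traffic is otherwise rejected by this rule set (the rest of the list is outside the hunk, so this is not confirmed), replies on connections that were accepted inbound depend on these stateful rules. If the removal is intended, delete the lines and leave a one-line reason such as `# outbound state rules removed: <reason>`. If it is temporary, it should not be merged into the firewall playbook.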
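Review bot: The added `Run command` task in the second hunk gives `ansible.builtin.command` a YAML list, but the module takes one command (a free-form string, `cmd` or `argv`), so the task is expected to error rather than add either rule. The second rule accepts all outbound TCP from `192.0.0.0/8`, which makes the port-80 rule redundant and covers far more than the private `192.168.0.0/16` range. It is also a blanket source match where the rules disabled in the first hunk were stateful. `--permanent` only writes the saved configuration, so unless a reload happens later in the play (not visible here) the running firewall is unchanged, and `command` reports changed on every run without a `changed_when`. A narrowed single-rule form is sketched below; the surrounding task list is outside the hunk, so indentation has to be matched to it.

```yaml
# … unchanged: rich rule list above …
- name: Allow outbound HTTP from internal hosts (firewalld direct rule)
  become: true
  ansible.builtin.command:
    # Source range kept from the patch; confirm it is the intended internal range.
    cmd: >-
      firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0
      -p tcp -s 192.0.0.0/8 --dport 80 -j ACCEPT
# The blanket "-p tcp -s 192.0.0.0/8 -j ACCEPT" rule is left out on purpose.
```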