debug

khaledk2 · Dec 17, 2024 · b7d59f4 · b7d59f4
1 parent f710503
commit b7d59f4
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/ansible/idr-firewall.yml b/ansible/idr-firewall.yml
@@ -10,7 +10,6 @@
       ansible.builtin.dnf:
         update_cache: true
         name:
-          - python3-firewall
           - firewalld
         state: present
 
@@ -28,9 +27,11 @@
         rich_rule:
           - "rule family='ipv4' forward accept"
           - 'rule family="ipv4" destination address="0.0.0.0/0" accept'
+          #firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -j ACCEPT
+          #- firewall-cmd --add-rich-rule='rule family="ipv4" destination address="0.0.0.0/0" accept'
           - 'rule family="ipv4" direction="out" accept'
 
-  # Docker sets up its own rules, don't overwrite
+#   Docker sets up its own rules, don't overwrite
 # - hosts: >
 #     {{ idr_environment | default('idr') }}-management-hosts
 
@@ -71,6 +72,9 @@
           # For OUTPUT (Outgoing Traffic)
           - 'rule family="ipv4" direction="out" state established accept'
           - 'rule family="ipv4" direction="out" state related accept'
+          # firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -s 192.0.0.0/8 --dport 80 -j ACCEPT
+          # firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -s 192.0.0.0/8 -j ACCEPT
+
           # allows all incoming traffic on the loopback interface (lo)
           - 'rule family="ipv4" source address="127.0.0.0/8" accept'
           #  rule to allow TCP and udp traffic from  10.0.0.0/8 and 192.168.0.0/16 range