From 195a7f474b7e838bb129fee4cff71c26c473f2a0 Mon Sep 17 00:00:00 2001
From: spmfox
Date: Mon, 25 Aug 2025 13:08:13 -0400
Subject: adding rich rules for firewalld
---
 roles/host/tasks/firewall.yml | 9 +++++++++
 roles/host/tasks/main.yml | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)
(limited to 'roles')
diff --git a/roles/host/tasks/firewall.yml b/roles/host/tasks/firewall.yml
index 35138ff..999f5b9 100644
--- a/roles/host/tasks/firewall.yml
+++ b/roles/host/tasks/firewall.yml
@@ -15,3 +15,12 @@
 immediate: true
 loop: "{{ host_firewall.ports }}"
 when: host_firewall.ports is defined
+
+- name: Modify rich rules
+ ansible.posix.firewalld:
+ rich_rule: "{{ item.rule }}"
+ state: "{{ item.state }}"
+ permanent: true
+ immediate: true
+ loop: "{{ host_firewall.rich_rules }}"
+ when: host_firewall.rich_rules is defined
diff --git a/roles/host/tasks/main.yml b/roles/host/tasks/main.yml
index c8fd897..b68c57e 100644
--- a/roles/host/tasks/main.yml
+++ b/roles/host/tasks/main.yml
@@ -4,11 +4,11 @@
 - ansible.builtin.import_tasks: timezone.yml
 when: host_timezone is defined
+- ansible.builtin.import_tasks: packages.yml
+
 - ansible.builtin.import_tasks: mounts.yml
 when: host_mounts is defined
-- ansible.builtin.import_tasks: packages.yml
-
 - ansible.builtin.import_tasks: unprivileged-port.yml
 when: host_unprivileged_port_start is defined
-- cgit
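Review bot: The new `Modify rich rules` task in roles/host/tasks/firewall.yml sets no `zone`, so each entry of `host_firewall.rich_rules` should land in firewalld's default zone, which is not necessarily the zone the relevant interface is bound to; an optional `zone: "{{ item.zone | default(omit) }}"` would let the inventory say where a rule belongs. `state: "{{ item.state }}"` has no default either, so an entry that leaves out `state` fails the task at templating time; `state: "{{ item.state | default('enabled') }}"` would make the intended default explicit. Because a rich rule is a free-form string that can accept traffic from any source, a comment above the task describing the expected item shape (`rule`, `state`) would help whoever reviews inventory changes. The preceding ports task is only partly visible in this hunk, so whether it treats zones the same way cannot be told from here.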
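Review bot: Moving the `packages.yml` import ahead of `mounts.yml` in roles/host/tasks/main.yml creates an ordering dependency that nothing in the file explains, and the commit subject mentions only the firewalld rich rules. If the intent is that tools needed by later task files are installed first (an assumption, not visible in this hunk), a comment such as `# packages first: later task files may rely on tools installed here` above the import would keep the order from being undone by a later tidy-up. The task list begins before and continues after the hunk.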