@redy01

@redy01 redy01 commented Aug 6, 2024

No description provided.

@redy01 redy01 marked this pull request as ready for review August 6, 2024 19:50
@SDV109
Contributor

SDV109 commented Aug 13, 2024

@redy01 Hi, I completed all the settings, started running ansible-playbook deploy_pgcluster.yml and I get an error:

vars/system.yml

# Firewall
firewall_enabled_at_boot: true  # or 'true' for configure firewall
firewall_type: "firewalld"  # available 'iptables','firewalld','ufw'

@vitabaks
Owner

Try to define three roles in the playbook instead of role: "fw_{{ firewall_type }}", each with its own condition.

Example:

  roles:
    - role: fw_iptables
      vars:
        firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
        firewall_additional_rules: "{{ firewall_rules_dynamic_var | default([]) | unique }}"
      when: firewall_type == 'iptables' and firewall_enabled_at_boot | bool
      tags: firewall

    - role: fw_firewalld
      vars:
        firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
      when: firewall_type == 'firewalld' and firewall_enabled_at_boot | bool
      tags: firewall

    - role: fw_ufw
      vars:
        firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
      when: firewall_type == 'ufw' and firewall_enabled_at_boot | bool
      tags: firewall

This approach increases clarity and can sometimes simplify troubleshooting by making the playbook's flow more explicit.

@vitabaks
Owner

vitabaks commented Aug 19, 2024

Please note that the ansible code has been moved to the automation directory.

@rausub

rausub commented Nov 8, 2024

Hi, has there been any development on this? Thanks :) Great work, guys.

@vitabaks
Owner

The author of this PR has not completed it yet, I can do it if this functionality is really necessary.

@rausub

rausub commented Dec 19, 2024

Hi, yes, I believe this functionality is crucial, as firewalld is the preferred way to manage on Oracle/Red Hat and ufw on Ubuntu. Maintaining iptables + firewalld can become cumbersome; I would rather stick with just firewalld. Thanks! Great work with the project.

@vitabaks
Owner

If you're interested in this feature, please consider becoming a sponsor.

The development of this feature requires sponsorship to fund developer efforts. If you're already a sponsor and are interested in this feature, please leave a comment here so we can prioritize this issue accordingly.

We also welcome contributions from those willing to dedicate their time to implement this feature on a voluntary basis. Please see the Contributing Guide for more information.

@vitabaks vitabaks added automation Automation functionality using Ansible priority: low labels Feb 21, 2025
@vitabaks vitabaks self-assigned this Jul 10, 2025