Hello,
I’m doing question n°3 →
“We want to block 161/udp port on web1 node permanently. Make a playbook block.yml under ~/playbooks/ directory to do so.”
As for the Ansible firewalld module, to block you have to put state: disabled.
For this task, it’s considered an error. I need to put it on enabled, which is wrong.
URI Ansible module: ansible.posix.firewalld module – Manage arbitrary ports/services with firewalld — Ansible Community Documentation
Fix that for others, thanks!
Are you sure? I tried the lab, and in Q3, the solution (which uses the old style of module names), the playbook is shown as:
---
- hosts: web1
  tasks:
    - firewalld:
        port: 161/udp
        zone: block
        permanent: yes
        immediate: yes
        state: enabled
If you look at the firewalld docs, enabling to zone block means to block the protocol/port for that task. This is matched by the ansible docs for the firewalld module, as it shows in an example:
- name: Block ICMP echo requests in drop zone
  ansible.posix.firewalld:
    zone: drop
    state: enabled
    permanent: true
    icmp_block: echo-request
I checked the port using netcat; it appears to work that way:
[root@ansible-controller ~]# nc -u -w2 -v web1 161
[root@ansible-controller ~]# echo $?
1
So I’d guess that disabling that zone would not have the effect you think.
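As an added example (not the lab's solution or either poster's code), here is the same block.yml written with the FQCN module name, followed by a check task that queries firewalld directly so the play fails if the port did not land in the permanent block-zone configuration. The play name, become: true and the verification task are my additions; firewall-cmd --query-port exits 0 when the port is present and 1 when it is not.

```yaml
---
# ~/playbooks/block.yml
- name: Block 161/udp on web1 via the firewalld block zone
  hosts: web1
  become: true
  tasks:
    - name: Add 161/udp to the block zone (runtime and permanent)
      ansible.posix.firewalld:
        port: 161/udp
        zone: block
        permanent: true
        immediate: true
        state: enabled

    - name: Verify the port is present in the permanent block-zone config
      ansible.builtin.command: firewall-cmd --permanent --zone=block --query-port=161/udp
      register: blocked
      changed_when: false
      # query-port exits 1 (and prints "no") when the port is absent
      failed_when: blocked.rc != 0

    - name: Show the result
      ansible.builtin.debug:
        msg: "161/udp in block zone: {{ blocked.stdout }}"
```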
I completely missed the zone drop, sorry, that makes sense. I must be tired.
Thanks for verifying that!