In the lab’s third exercise we’re tasked:
We want to block 161/udp port on web1 node permanently. Make a playbook block.yml under ~/playbooks/ directory to do so.
Use zone: block
The solution is given as:
thor@ansible-controller ~/playbooks$ cat /tmp/hassets/answers/block.yml
- hosts: web1
  tasks:
    - firewalld:
        port: 161/udp
        zone: block
        permanent: yes
        immediate: yes
        state: enabled
    - firewalld:
However, according to the latest Ansible documentation for the ‘firewalld’ module at:
https://docs.ansible.com/ansible/latest/modules/firewalld_module.html
It’s stated that:
state (string / required)
Choices:
- absent
- disabled
- enabled
- present
Enable or disable a setting.
For ports: Should this port accept (enabled) or reject (disabled) connections.
The states present and absent can only be used in zone level operations (i.e. when no other parameters but zone and state are set).
So, according to the documentation, it would seem that if we want to block the port per the task instructions then the state should be set to disabled, not enabled as it’s set in the solution. (I couldn’t get my solution to validate given I had my state set to “disabled”.)
Great course by the way!
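Following the documentation quoted in the post, here is an added example (not the lab's answer file and not code from the course) of the task written with state: disabled, followed by a read-back check of the zone. The `become: yes` setting, the task names and the verification tasks are assumptions added for illustration.

```yaml
# Added example, not the lab's answer file.
# Assumes the web1 host from the exercise and that the connecting user
# may escalate privileges on it (become).
- hosts: web1
  become: yes
  tasks:
    - name: Make sure 161/udp is not an accepted port in zone block
      firewalld:
        port: 161/udp
        zone: block
        permanent: yes
        immediate: yes
        state: disabled   # quoted docs: for ports, disabled = reject

    # Read the permanent configuration back instead of trusting the
    # module's "changed" result.
    - name: List the ports opened in the permanent config of zone block
      command: firewall-cmd --permanent --zone=block --list-ports
      register: block_ports
      changed_when: false

    - name: Fail if 161/udp is still listed as open
      assert:
        that:
          - "'161/udp' not in block_ports.stdout.split()"
        fail_msg: "161/udp is still open in zone block"
```

With firewalld, state: disabled removes the port from the zone's list of opened ports rather than adding a separate reject rule. The block zone rejects incoming connections that are not explicitly opened, and only for interfaces or sources assigned to that zone.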