[ansible] ansible 윈도우 방화벽 생성

ansible 윈도우 방화벽 생성

앤서블을 통해 윈도우 방화벽 정책을 생성 시킬수 있다.

방화벽 정책 이름은 service [port]로 설정했다.

---
- name: windows user add
  hosts: all
  vars:
     ansible_connection: winrm
     ansible_winrm_server_cert_validation: ignore
     ansible_winrm_scheme: http
     ansible_become: false
     ansible_winrm_transport: basic
     ansible_port: 5985
  tasks:
    - name: extract result
      win_shell: 'netsh advfirewall firewall add rule name="service {{ port }}" dir="{{ dir }}" action="{{ action }}" protocol="{{ protocol }}" localport="{{ port }}"'
      args:
        executable: cmd
      register: result    
    - name: Query firewall rule
      win_shell: 'netsh advfirewall firewall show rule name="service {{ port }}"'
      args:
        executable: cmd
      register: firewall_info    

    - name: Display firewall info
      debug:
        var: firewall_info.stdout_lines

 

변수 설명

port = port

dir = 통신방향 인바운드인지 아웃바운드인지(in / out)

action= 허용 또는 차단 (allow / block)

protocol= TCP 또는 UDP