Learning Ansible 2.7 (Third Edition)

Ensuring that FirewallD is present and enabled

As you can imagine, the first step is to ensure that FirewallD is installed:

- name: Ensure FirewallD is installed 
  yum: 
    name: firewalld 
    state: present 
  become: True

Since we want to be sure that we will not lose our SSH connection when we enable FirewallD, we will ensure that SSH traffic can always pass through it:

- name: Ensure SSH can pass the firewall 
  firewalld: 
    service: ssh 
    state: enabled 
    permanent: True 
    immediate: True 
  become: True

To do so, we have used the firewalld module. This module takes parameters that are very similar to the ones the firewall-cmd console command uses. You have to specify the service that is authorized to pass the firewall, whether the rule should apply immediately to the running firewall (immediate), and whether the rule should be permanent (permanent), so that it is still present after a reboot.

You can specify the service name (such as ssh) using the service parameter, or you can specify the port (such as 22/tcp) using the port parameter.

Now that we have installed FirewallD and we are sure that our SSH connection will survive, we can enable it as we do any other service:

- name: Ensure FirewallD is running 
  service: 
    name: firewalld 
    state: started 
    enabled: True 
  become: True
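
Once FirewallD is running, it is worth confirming that the SSH rule exists in both the running and the permanent configuration, since the immediate and permanent parameters control those two separately. The following tasks are an added example, not part of the book's playbook; the registered variable names are assumptions, and the checks rely on the firewall-cmd --query-service option against the default zone:

```yaml
# Added example (not from the book): verify the SSH rule after FirewallD starts.
# firewall-cmd --query-service exits 0 when the service is allowed and
# non-zero otherwise, so the return code is what gets checked.
# No zone is passed, so the default zone is queried, which is the same zone
# the firewalld task on this page modifies when no zone is given.

- name: Query the running configuration for the ssh service
  command: firewall-cmd --query-service=ssh
  register: ssh_runtime          # variable name is an assumption
  changed_when: False            # read-only check, never reports a change
  failed_when: False             # evaluate the result in the assert below
  become: True

- name: Query the permanent configuration for the ssh service
  command: firewall-cmd --permanent --query-service=ssh
  register: ssh_permanent        # variable name is an assumption
  changed_when: False
  failed_when: False
  become: True

- name: Ensure SSH is allowed now and after a reboot
  assert:
    that:
      # Running rule: protects the current SSH session.
      - ssh_runtime.rc == 0
      # Permanent rule: survives a firewalld reload or a reboot.
      - ssh_permanent.rc == 0
    msg: >-
      ssh is not allowed in both the running and the permanent
      FirewallD configuration
      (running rc={{ ssh_runtime.rc }},
      permanent rc={{ ssh_permanent.rc }})
```

If the rule was added with the port parameter instead of the service parameter, query it with --query-port=22/tcp rather than --query-service=ssh, because a port rule does not show up as an enabled service.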