2017-03-24 03:01:26 +00:00
|
|
|
- name: Remove potentially leftover firewall rule
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
|
|
|
state: absent
|
|
|
|
action: "{{ item }}"
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
2017-03-24 03:01:26 +00:00
|
|
|
with_items:
|
|
|
|
- allow
|
|
|
|
- block
|
|
|
|
|
|
|
|
- name: Add firewall rule
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
register: add_firewall_rule
|
|
|
|
|
|
|
|
- name: Check that creating new firewall rule succeeds with a change
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- add_firewall_rule.changed == true
|
|
|
|
|
|
|
|
- name: Add same firewall rule (again)
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
register: add_firewall_rule_again
|
|
|
|
|
|
|
|
- name: Check that creating same firewall rule succeeds without a change
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- add_firewall_rule_again.changed == false
|
|
|
|
|
|
|
|
- name: Remove firewall rule
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: absent
|
|
|
|
localport: 80
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
register: remove_firewall_rule
|
|
|
|
|
|
|
|
- name: Check that removing existing firewall rule succeeds with a change
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- remove_firewall_rule.changed == true
|
|
|
|
|
|
|
|
- name: Remove absent firewall rule
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: absent
|
|
|
|
localport: 80
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
register: remove_absent_firewall_rule
|
|
|
|
|
|
|
|
- name: Check that removing non existing firewall rule succeeds without a change
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- remove_absent_firewall_rule.changed == false
|
|
|
|
|
|
|
|
- name: Add firewall rule
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
|
|
|
|
- name: Add different firewall rule
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
action: block
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
ignore_errors: yes
|
|
|
|
register: add_different_firewall_rule_without_force
|
|
|
|
|
|
|
|
- name: Check that creating different firewall rule without enabling force setting fails
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- add_different_firewall_rule_without_force.failed == true
|
|
|
|
- add_different_firewall_rule_without_force.changed == false
|
|
|
|
|
|
|
|
- name: Add different firewall rule with force setting
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
action: block
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
force: yes
|
|
|
|
register: add_different_firewall_rule_with_force
|
|
|
|
|
|
|
|
- name: Check that creating different firewall rule with enabling force setting succeeds
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- add_different_firewall_rule_with_force.changed == true
|
|
|
|
|
|
|
|
- name: Add firewall rule when remoteip is range
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
remoteip: 192.168.0.1-192.168.0.5
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
force: yes
|
|
|
|
|
|
|
|
- name: Add same firewall rule when remoteip is range (again)
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
remoteip: 192.168.0.1-192.168.0.5
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
register: add_firewall_rule_with_range_remoteip_again
|
|
|
|
|
|
|
|
- name: Check that creating same firewall rule when remoteip is range succeeds without a change
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- add_firewall_rule_with_range_remoteip_again.changed == false
|
|
|
|
|
|
|
|
- name: Add firewall rule when remoteip in CIDR notation
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
remoteip: 192.168.0.0/24
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
force: yes
|
|
|
|
|
|
|
|
- name: Add same firewall rule when remoteip in CIDR notation (again)
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
remoteip: 192.168.0.0/24
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
register: add_firewall_rule_with_cidr_remoteip_again
|
|
|
|
|
|
|
|
- name: Check that creating same firewall rule succeeds without a change when remoteip in CIDR notation
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- add_firewall_rule_with_cidr_remoteip_again.changed == false
|
|
|
|
|
|
|
|
- name: Add firewall rule when remoteip contains a netmask
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
remoteip: 192.168.0.0/255.255.255.0
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
force: yes
|
|
|
|
|
|
|
|
- name: Add same firewall rule when remoteip contains a netmask (again)
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
remoteip: 192.168.0.0/255.255.255.0
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
register: add_firewall_rule_remoteip_contains_netmask_again
|
|
|
|
|
|
|
|
- name: Check that creating same firewall rule succeeds without a change when remoteip contains a netmask
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- add_firewall_rule_remoteip_contains_netmask_again.changed == false
|
|
|
|
|
|
|
|
- name: Add firewall rule when remoteip is IPv4
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
remoteip: 192.168.0.1
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
force: yes
|
|
|
|
|
|
|
|
- name: Add same firewall rule when remoteip is IPv4 (again)
|
|
|
|
win_firewall_rule:
|
|
|
|
name: http
|
2017-05-30 23:10:34 +00:00
|
|
|
enabled: yes
|
2017-03-24 03:01:26 +00:00
|
|
|
state: present
|
|
|
|
localport: 80
|
|
|
|
remoteip: 192.168.0.1
|
|
|
|
action: allow
|
2017-05-30 23:10:34 +00:00
|
|
|
direction: in
|
|
|
|
protocol: tcp
|
2017-03-24 03:01:26 +00:00
|
|
|
register: add_firewall_rule_with_ipv4_remoteip_again
|
|
|
|
|
|
|
|
- name: Check that creating same firewall rule when remoteip is IPv4 succeeds without a change
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- add_firewall_rule_with_ipv4_remoteip_again.changed == false
|