From c438daeb3d53e9c145a8a71eb7a7cc512a62c140 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Sun, 4 Dec 2022 19:50:40 +0100
Subject: [PATCH] add firewall

---
 playbooks/firewall.yml        |  4 ++++
 roles/firewall/tasks/main.yml | 21 +++++++++++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 playbooks/firewall.yml
 create mode 100644 roles/firewall/tasks/main.yml

diff --git a/playbooks/firewall.yml b/playbooks/firewall.yml
new file mode 100644
index 0000000..4fe6b7b
--- /dev/null
+++ b/playbooks/firewall.yml
@@ -0,0 +1,4 @@
+- name: Configure firewall
+  hosts: nucs
+  roles:
+    - firewall
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..f048953
--- /dev/null
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,21 @@
+- name: Install firewalld
+  apt:
+    pkg:
+      - firewalld
+    state: latest
+    update_cache: true
+- name: Allow SSH
+  firewalld:
+    service: ssh
+    permanent: yes
+    state: enabled
+- name: Allow DHCPv6
+  firewalld:
+    service: dhcpv6-client
+    permanent: yes
+    state: enabled
+- name: Start firewalld
+  systemd:
+    enabled: true
+    name: sshd
+    state: started