Firewall Service - Ability to have iptables (#20)

* Add firewall service variable to readme * Add firewall service variable to defaults * have tasks use variable * Name the tag as firewall
ansible-lockdown · Jun 24, 2017 · 8806d88 · 8806d88
1 parent 3654c26
commit 8806d88
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -29,6 +29,7 @@ Role Variables
 | `rhel7stig_av_package` | `no` | Anti-virus package(s) to install and service to start and enable. |
 | `rhel7stig_antivirus_required` | `no` | Weather or not an antivirus must be installed |
 | `rhel7stig_time_service` | `chronyd` | Set to `ntpd` or `chronyd`. |
+| `rhel7stig_firewall_service` | `firewalld` | Set to `firewalld` or `iptables`. |
 | `rhel7stig_lftpd_required` | `no` | If set to `no`, remove `lftpd`. |
 | `rhel7stig_tftp_required` | `no` | If set to `no`, remove `tftp` client and server packages. |
 | `rhel7stig_snmp_community` | `Endgam3Ladyb0g` | SNMP community string that will replace `public` and `private` in `snmpd.conf`. |

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -293,6 +293,8 @@ rhel7stig_time_service_configs:
             - regexp: ^#?maxpoll
               line: maxpoll 10
 
+rhel7stig_firewall_service: firewalld              
+
 # RHEL-07-040490
 # If not required, remove lftpd.
 rhel7stig_lftpd_required: no

diff --git a/tasks/fix-cat2.yml b/tasks/fix-cat2.yml
@@ -2179,24 +2179,24 @@
       - medium
       - patch
       - RHEL-07-040510
-      - firewalld
+      - firewall
       - notimplemented
 
 - name: "MEDIUM | RHEL-07-040520 | PATCH | The operating system must enable an application firewall, if available."
   yum:
-      name: firewalld
+      name: "{{ rhel7stig_firewall_service }}"
       state: present
   when: rhel_07_040520
   tags:
       - cat2
       - medium
       - patch
       - RHEL-07-040520
-      - firewalld
+      - firewall
 
 - name: "MEDIUM | RHEL-07-040520 | PATCH | The system must use a local firewall."
   service:
-      name: firewalld
+      name: "{{ rhel7stig_firewall_service }}"
       state: started
       enabled: yes
   when: rhel_07_040520
@@ -2205,7 +2205,7 @@
       - medium
       - patch
       - RHEL-07-040520
-      - firewalld
+      - firewall
 
 - name: "MEDIUM | RHEL-07-040610 | PATCH | The system must not forward Internet Protocol version 4 (IPv4) source-routed packets."
   sysctl: