Merge pull request #92 from bbezak/firewalld_zones

Add support for setting firewalld zones

README.md

@@ -368,6 +368,24 @@ To apply ethtool options to bond slaves or bridge ports, set the attribute on
 the bond or bridge itself. Setting different options per underlying interface
 is not supported at this time.
 
+14) Configure firewalld zones (RedHat-family only)
+
+  Adding interface to firewalld zone is possible using the `zone` attribute. 
+  This is only supported on distributions of the RedHat family.
+
+  ```yaml
+ - hosts: myhost
+   roles:
+     - role: MichaelRigart.interfaces
+       interfaces_ether_interfaces:
+         - device: eth0
+           bootproto: static
+           address: 192.168.1.150
+           netmask: 255.255.255.0
+           gateway: 192.168.1.1
+           zone: trusted
+ ```
+
 Example Playbook
 ----------------
 

templates/bond_RedHat.j2

@@ -32,6 +32,10 @@ NM_CONTROLLED=no
 MTU={{ item.mtu }}
 {% endif %}
 
+{% if item.zone is defined %}
+ZONE="{{ item.zone }}"
+{% endif %}
+
 {% for bridge in interfaces_bridge_interfaces %}
 {% if item.device in bridge.ports %}
 BRIDGE={{ bridge.device }}

templates/bridge_RedHat.j2

@@ -39,3 +39,7 @@ NM_CONTROLLED=no
 {% if item.mtu is defined %}
 MTU={{ item.mtu }}
 {% endif %}
+
+{% if item.zone is defined %}
+ZONE="{{ item.zone }}"
+{% endif %}

templates/ethernet_RedHat.j2

@@ -48,6 +48,10 @@ VLAN=yes
 MTU={{ item.mtu }}
 {% endif %}
 
+{% if item.zone is defined %}
+ZONE="{{ item.zone }}"
+{% endif %}
+
 {% if item.bootproto == 'static' %}
 {% if item.ip6 is defined %}
 IPV6INIT=yes