"Lab - Modules - Firewalls Rules" in the Ansible Certification Prep Course

In the lab’s third exercise we’re tasked:

We want to block 161/udp port on web1 node permanently. Make a playbook block.yml under ~/playbooks/ directory to do so.

Use zone: block

The solution is given as:

thor@ansible-controller ~/playbooks$ cat /tmp/hassets/answers/block.yml

- hosts: web1
  tasks:
    - firewalld:
        port: 161/udp
        zone: block
        permanent: yes
        immediate: yes
        state: enabled

However, according to the latest Ansible documentation for the ‘firewalld’ module at:

https://docs.ansible.com/ansible/latest/modules/firewalld_module.html

It’s stated that:

state

string / required

Choices:

  • absent
  • disabled
  • enabled
  • present

Enable or disable a setting.
For ports: Should this port accept (enabled) or reject (disabled) connections.
The states present and absent can only be used in zone level operations (i.e. when no other parameters but zone and state are set).

So, according to the documentation, it would seem that if we want to block the port per the task instructions, then the state should be set to disabled, not enabled as it’s set in the solution. (I couldn’t get my solution to validate given I had my state set to “disabled”.)

Great course by the way! :slight_smile:
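
An added example, not part of the original post or the course's answer files: a playbook that applies the port setting and then asks firewalld whether 161/udp is listed in the block zone, in both the runtime and the permanent configuration. The `port_state` variable and `become: true` are assumptions; change `port_state` to `enabled` to compare the two outcomes.

```yaml
- hosts: web1
  become: true                     # assumption: firewalld changes need root
  vars:
    port_state: disabled           # assumption: set to "enabled" to compare
  tasks:
    - name: Apply the port setting to the block zone
      firewalld:
        port: 161/udp
        zone: block
        permanent: yes
        immediate: yes
        state: "{{ port_state }}"

    # --query-port prints yes/no and exits 0/1, so rc 1 is not a failure here
    - name: Query the runtime configuration
      command: firewall-cmd --zone=block --query-port=161/udp
      register: runtime_q
      changed_when: false
      failed_when: runtime_q.rc not in [0, 1]

    - name: Query the permanent configuration
      command: firewall-cmd --permanent --zone=block --query-port=161/udp
      register: permanent_q
      changed_when: false
      failed_when: permanent_q.rc not in [0, 1]

    - name: Show what firewalld recorded
      debug:
        msg: "runtime={{ runtime_q.stdout }} permanent={{ permanent_q.stdout }}"

    # The port should be listed in the zone only when state was "enabled",
    # and runtime and permanent must agree because both flags were set.
    - name: Check both configurations match the requested state
      assert:
        that:
          - (runtime_q.stdout == 'yes') == (port_state == 'enabled')
          - (permanent_q.stdout == 'yes') == (port_state == 'enabled')
```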