In the lab’s third exercise we’re tasked:
We want to block
161/udp port on
web1 node permanently. Make a playbook
~/playbooks/ directory to do so.
The solution is given as:
thor@ansible-controller ~/playbooks$ cat /tmp/hassets/answers/block.yml
- hosts: web1
However, according to the latest Ansible documentation for the ‘firewalld’ module at:
It’s stated that:
string / required Choices:
Enable or disable a setting.
For ports: Should this port accept (enabled) or reject (disabled) connections.
absent can only be used in zone level operations (i.e. when no other parameters but zone and state are set).
So, according to the documentation it would seem that if we want to block the port per the task instructions then the state should be set to disabled, not enabled.as it’s set in the solution. (I couldn’t get my solution to validate given I had my state set to “disabled”.)
Great course by the way!