# Disables every Windows Firewall rule belonging to the display groups in the
# loop, one Set-NetFirewallRule call per group.
# Currently enabled rules can be listed with:
#   Get-NetFirewallRule | Where-Object -Property Enabled -eq True
#
# NOTE(review): -DisplayGroup matches the display string, which is localized;
# these English names presumably assume an English-language Windows install.
# NOTE(review): "Windows Remote Management" and "OpenSSH Server" are remote
# administration channels. Confirm that the transport used to manage this
# host is re-allowed by an explicit, narrowly scoped rule elsewhere.
- name: Disable some builtin rules
  win_shell: >-
    Set-NetFirewallRule -DisplayGroup '{{ item }}' -Enabled False
  loop:
    - 'AllJoyn Router'
    - 'File and Printer Sharing'
    - 'mDNS'
    - 'OpenSSH Server'
    - 'Secure World Wide Web Services (HTTPS)'
    - 'Secure World Wide Web Services (QUIC)'
    - 'Windows Remote Management'
    - 'World Wide Web Services (HTTP)'
  # The command result gives no way to tell whether a rule was flipped, so the
  # task always reports "ok". The play recap is therefore not a record of
  # firewall changes; audit the resulting state with Get-NetFirewallRule.
  changed_when: false
# Creates an inbound allow rule for the ICMPv4 message types listed below.
# Entries are "type:code"; '*' accepts every code of that type.
# NOTE(review): neither `profiles` nor `remoteip` is set, so the module
# defaults decide where the rule applies. Confirm that scope is intended for
# hosts that may sit on untrusted networks.
- name: Allow ICMP
  win_firewall_rule:
    name: 'Allow incoming ICMP'
    direction: in
    protocol: icmpv4
    icmp_type_code:
      - "0:*"  # echo reply
      - "3:*"  # destination unreachable
      - "8:*"  # echo request
      - "11:*"  # time exceeded
      - "12:*"  # parameter problem
    action: allow
    enabled: true
# Creates an inbound allow rule for the ICMPv6 message types listed below.
# Entries are "type:code"; '*' accepts every code of that type.
# "Packet too big" (type 2) is what Path MTU Discovery relies on in IPv6.
# NOTE(review): Neighbor Discovery / Router Advertisement (types 133-136) are
# not in this list; presumably they stay covered by built-in rules outside
# the groups disabled in this file. Confirm, since IPv6 depends on them.
# NOTE(review): neither `profiles` nor `remoteip` is set, so the module
# defaults decide where the rule applies.
- name: Allow ICMPv6
  win_firewall_rule:
    name: 'Allow incoming ICMPv6'
    direction: in
    protocol: icmpv6
    icmp_type_code:
      - "1:*"  # destination unreachable
      - "2:*"  # packet too big
      - "3:*"  # time exceeded
      - "4:*"  # parameter problem
      - "128:*"  # echo request
      - "129:*"  # echo reply
    action: allow
    enabled: true
# Runs firewall_rule.yml once per entry of `services`. Each entry is exposed
# to the included tasks as `service`, and only its `name` appears in the loop
# output.
# NOTE(review): `services` and firewall_rule.yml are defined outside this
# view. Verify that each entry opens only the ports, remote addresses and
# profiles the service needs, since these are the rules that re-open access
# after the built-in groups are disabled.
- include_tasks: firewall_rule.yml
  loop: '{{ services }}'
  loop_control:
    loop_var: service
    label: '{{ service.name }}'