W3cubDocs

win_firewall_rule – Windows firewall automation

Synopsis
Parameters
See Also
Examples
Status

Synopsis

Allows you to create/remove/update firewall rules.

Parameters

Parameter	Choices/Defaults	Comments
action string	Choices: allow block	What to do with the items this rule is for. Defaults to `allow` when creating a new rule.
description string		Description for the firewall rule.
direction string	Choices: in out	Whether this rule is for inbound or outbound traffic. Defaults to `in` when creating a new rule.
enabled boolean	Choices: no yes	Whether this firewall rule is enabled or disabled. Defaults to `true` when creating a new rule. aliases: enable
group string added in 2.9		The group name for the rule.
localip string		The local ip address this rule applies to. Set to `any` to apply to all local ip addresses. Defaults to `any` when creating a new rule.
localport string		The local port this rule applies to. Set to `any` to apply to all local ports. Defaults to `any` when creating a new rule. Must have protocol set
name string / required		The rule's display name.
profiles list		The profile this rule applies to. Defaults to `domain,private,public` when creating a new rule. aliases: profile
program string		The program this rule applies to. Set to `any` to apply to all programs. Defaults to `any` when creating a new rule.
protocol string		The protocol this rule applies to. Set to `any` to apply to all services. Defaults to `any` when creating a new rule.
remoteip string		The remote ip address/range this rule applies to. Set to `any` to apply to all remote ip addresses. Defaults to `any` when creating a new rule.
remoteport string		The remote port this rule applies to. Set to `any` to apply to all remote ports. Defaults to `any` when creating a new rule. Must have protocol set
service string		The service this rule applies to. Set to `any` to apply to all services. Defaults to `any` when creating a new rule.
state string	Choices: absent present ←	Should this rule be added or removed.

Examples

- name: Firewall rule to allow SMTP on TCP port 25
  win_firewall_rule:
    name: SMTP
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow RDP on TCP port 3389
  win_firewall_rule:
    name: Remote Desktop
    localport: 3389
    action: allow
    direction: in
    protocol: tcp
    profiles: private
    state: present
    enabled: yes

- name: Firewall rule to be created for application group
  win_firewall_rule:
    name: SMTP
    group: application
    localport: 25
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow port range
  win_firewall_rule:
    name: Sample port range
    localport: 5000-5010
    action: allow
    direction: in
    protocol: tcp
    state: present
    enabled: yes

- name: Firewall rule to allow ICMP v4 (ping)
  win_firewall_rule:
    name: ICMP Allow incoming V4 echo request
    enabled: yes
    state: present
    profiles: private
    action: allow
    direction: in
    protocol: icmpv4

Status

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors

Artem Zinenko (@ar7z1)
Timothy Vandenbrande (@TimothyVandenbrande)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/win_firewall_rule_module.html

win_firewall_rule – Windows firewall automation

Synopsis

Parameters

See Also

Examples

Status

Authors