From 08f1aa211ba740fa6bb4b6c6de5bc77feb651570 Mon Sep 17 00:00:00 2001
From: alex <alex@pdp7.net>
Date: Sat, 16 Sep 2023 13:36:12 +0200
Subject: Add finer firewall control

---
 personal_infra/playbooks/roles/deploy_ragent/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'personal_infra/playbooks')

diff --git a/personal_infra/playbooks/roles/deploy_ragent/tasks/main.yml b/personal_infra/playbooks/roles/deploy_ragent/tasks/main.yml
index 4df4cc03..38cacab5 100644
--- a/personal_infra/playbooks/roles/deploy_ragent/tasks/main.yml
+++ b/personal_infra/playbooks/roles/deploy_ragent/tasks/main.yml
@@ -33,10 +33,10 @@
     state: restarted
 - name: open firewall
   command: firewall-cmd --permanent --add-port=21488/tcp
-  when: ansible_os_family == "RedHat" and ansible_distribution_major_version in ("7", "8", "9") and ansible_virtualization_type != "lxc"
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version in ("7", "8", "9") and ansible_virtualization_type != "lxc" and not network.disable_firewall
 - name: reload firewall
   command: firewall-cmd --reload
-  when: ansible_os_family == "RedHat" and ansible_distribution_major_version in ("7", "8", "9") and ansible_virtualization_type != "lxc"
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version in ("7", "8", "9") and ansible_virtualization_type != "lxc" and not network.disable_firewall
 - name: force check
   community.general.nagios:
     action: forced_check
-- 
cgit v1.2.3