Ansible: restrict access to Zabbix agent port
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index bd7ba9b..bcd5327 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -71,13 +71,16 @@
   become: yes
   when: ansible_os_family == "Debian"
 
-- name: allow all networks to access zabbix
+- name: Allow subnets to access zabbix
   firewalld:
     zone: public
     permanent: yes
     state: enabled
-    port: 10050/tcp
     immediate: yes
+    rich_rule: rule family=ipv4 source address="{{ item }}" port port=10050 protocol=tcp accept
+  with_items:
+    - "{{ monitoring_subnets }}"
   become: yes
+  become_user: root
   when: ansible_os_family == "RedHat"
 ...
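Review bot: Hosts that already ran the old task will most likely keep `10050/tcp` open to every source in the public zone, because the renamed task only adds rich rules and nothing in this hunk removes the earlier `permanent: yes` port entry. A firewalld port entry accepts traffic independently of the rich rules, so the subnet restriction takes effect only on freshly provisioned machines. I would add a task before this one that sets the old port to `state: disabled`, as sketched below. It is also worth checking that `monitoring_subnets` is defined for every inventory group that applies this role, since it is not set anywhere in the visible lines.

```yaml
- name: Remove unrestricted zabbix agent port
  firewalld:
    zone: public
    permanent: yes
    state: disabled
    port: 10050/tcp
    immediate: yes
  become: yes
  when: ansible_os_family == "RedHat"

# … unchanged: "Allow subnets to access zabbix" rich_rule task …
```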