I'm not an expert, but I think it's the combination of interface and
target that's tripping you up. I believe you have to split the interface
assignment and the zone assignment into two separate tasks.

On Thu, Aug 3, 2023 at 12:32 AM Deepak B K <[email protected]> wrote:
>
>
> Hi Group,
>
> I am trying to write an Ansible playbook to block all incoming traffic on the 
> external interfaces. I am getting the error message "parameters are 
> mutually exclusive:".
>
> I would appreciate quick help. Am I missing any mandatory parameters?
>
>
> # @title Enable firewall services.
> # @comment This task enables firewalld services for VMs
> - name: Enable firewalld service
>   ansible.builtin.service:
>     service: firewalld
>     state: started
>
> # @title Restrict external interfaces
> # @comment This task blocks internal traffic from external interfaces.
> - name: "Restrict external interfaces"
>   ansible.posix.firewalld:
>     interface: "{{ item }}"
>     permanent: true
>     state: present
>     target: 'DROP'
>     zone: external
>   with_items:
>     - "eth2"
>     - "eth3"
>
> ************************************************************************************
> failed: [dev-vm3x] (item=eth2) => {"ansible_loop_var": "item", "changed": 
> false, "item": "eth2", "msg": "parameters are mutually exclusive: 
> icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|masquerade|source|target"}
> failed: [dev-vm3x] (item=eth3) => {"ansible_loop_var": "item", "changed": 
> false, "item": "eth3", "msg": "parameters are mutually
> *************************************************************************************
>
> Thanks and Regards,
> Deepak Kumar
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/f3f49ef6-9a92-40b3-a2e1-3c6dfbb038aen%40googlegroups.com.

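The split suggested in the reply could look like the tasks below. This is an added example, not code from either poster; it reuses the zone and interface names from the original post and assumes an ansible.posix release whose firewalld module supports `target`. The register variable names are made up for illustration.

```yaml
# Added example: one firewalld setting per task, so the module's
# "mutually exclusive" check (interface vs. target) is never triggered.

- name: Set the target of the external zone to DROP
  ansible.posix.firewalld:
    zone: external
    target: DROP
    permanent: true        # a zone target can only be set permanently
    state: present         # present/absent is accepted for zone-level target changes
  register: zone_target    # hypothetical variable name

- name: Bind the external interfaces to the external zone
  ansible.posix.firewalld:
    zone: external
    interface: "{{ item }}"
    permanent: true
    state: enabled         # interface bindings use enabled/disabled, not present
  loop:
    - eth2
    - eth3
  register: zone_interfaces  # hypothetical variable name

- name: Reload firewalld so the permanent settings become the running config
  ansible.builtin.command: firewall-cmd --reload
  when: zone_target is changed or zone_interfaces is changed
  changed_when: true

- name: Read back the permanent target of the external zone
  ansible.builtin.command: firewall-cmd --permanent --zone=external --get-target
  register: target_check   # hypothetical variable name
  changed_when: false

- name: Fail the play if the zone target is not DROP
  ansible.builtin.assert:
    that:
      - target_check.stdout | trim == "DROP"
    fail_msg: "external zone target is {{ target_check.stdout }}, expected DROP"
```

A DROP target only applies to packets that no service, port or rich rule in the zone accepts, so check what the external zone already allows with `firewall-cmd --zone=external --list-all` before relying on it.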