
Commit 7d60126

Clarify scope of role
1 parent 65478ac commit 7d60126

1 file changed

+48
-0
lines changed
roles/ifw/README.md

Lines changed: 48 additions & 0 deletions
@@ -10,6 +10,12 @@ Tasks it can do:
1010
* Configure the Icinga 2 Agent
1111
* Create a valid Icinga 2 certificate
1212

13+
Tasks it will not do:
14+
15+
* Management of custom Monitoring Plugins
16+
* Management of firewall rules outside of Icinga for Windows (like allowing ICMP echo request)
17+
* Management of Check Commands (available as Icinga Config or Director Basket)
18+
1319
Table of contents:
1420

1521
* [Variables](#variables)
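
Review bot: the firewall bullet in the new "Tasks it will not do" list names ICMP echo request as out of scope, yet this commit also adds a worked example for exactly that under "Additional Tasks"; linking the bullet to `#additional-tasks` would let readers find it. The parenthetical on the Check Commands bullet, "(available as Icinga Config or Director Basket)", does not say where those are available from, so a link or short pointer would help there as well.
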
@@ -19,6 +25,7 @@ Table of contents:
1925
* [Install Other Plugins](#install-other-plugins)
2026
* [Add Custom Repositories](#add-custom-repositories)
2127
* [Icinga 2 Setup](#icinga-2-setup)
28+
* [Additional Tasks](#additional-tasks)
2229

2330
## Variables
2431

@@ -192,3 +199,44 @@ It adds the global zone `windows-agents`.
192199
roles:
193200
- netways.icinga.ifw
194201
```
202+
203+
204+
## Additional Tasks
205+
206+
This is meant as a hint for additional tasks you may need but which are not covered by Icinga for Windows and this role.
207+
208+
This will use [`community.windows.win_firewall_rule`](https://docs.ansible.com/ansible/latest/collections/community/windows/win_firewall_rule_module.html) to allow ICMP (echo request) in all network zones, so default host checks like `hostalive` work.
209+
210+
```
211+
- name: Allow ICMP (echo request) in firewall
212+
community.windows.win_firewall_rule:
213+
state: present
214+
name: "{{ item.name }}"
215+
enabled: true
216+
profiles: "{{ item.profiles }}"
217+
action: "{{ item.action }}"
218+
direction: "{{ item.direction }}"
219+
protocol: "{{ item.protocol }}"
220+
icmp_type_code: "{{ item.icmp_type }}"
221+
loop:
222+
- name: "Allow inbound ICMPv4 (echo request)"
223+
direction: "in"
224+
protocol: "icmpv4"
225+
icmp_type:
226+
- "8:*"
227+
action: "allow"
228+
profiles:
229+
- "domain"
230+
- "private"
231+
- "public"
232+
- name: "Allow inbound ICMPv6 (echo request)"
233+
direction: "in"
234+
protocol: "icmpv6"
235+
icmp_type:
236+
- "8:*"
237+
action: "allow"
238+
profiles:
239+
- "domain"
240+
- "private"
241+
- "public"
242+
```
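
Review bot: the second loop item, "Allow inbound ICMPv6 (echo request)", reuses `- "8:*"` for `icmp_type`, but 8 is the ICMPv4 echo request type; the ICMPv6 echo request is type 128, so the rule as written would not let IPv6 pings through and should use `"128:*"`. Both items also list `public` under `profiles` with no source restriction, so the example opens echo request to any sender on every network profile; consider adding the module's `remoteip` option limited to the monitoring hosts, or say in the introductory sentence that the rule is intentionally unrestricted. The opening fence of the example has no language tag; `yaml` would fit.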