[DEPRECATION WARNING]: ANSIBLE_COLLECTIONS_PATHS option, does not fit var naming standard, use the singular form ANSIBLE_COLLECTIONS_PATH instead. This feature will be removed from ansible-core in version 2.19. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg. ansible-playbook [core 2.17.2] config file = None configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.12/site-packages/ansible ansible collection location = /tmp/tmp.Y9FdIZtjXP executable location = /usr/local/bin/ansible-playbook python version = 3.12.4 (main, Jun 7 2024, 00:00:00) [GCC 14.1.1 20240607 (Red Hat 14.1.1-5)] (/usr/bin/python3.12) jinja version = 3.1.4 libyaml = True No config file found; using defaults running playbook inside collection fedora.linux_system_roles redirecting (type: callback) ansible.builtin.debug to ansible.posix.debug redirecting (type: callback) ansible.builtin.debug to ansible.posix.debug redirecting (type: callback) ansible.builtin.profile_tasks to ansible.posix.profile_tasks Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: tests_firewall_fact.yml ********************************************** 1 plays in /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml PLAY [Test firewall ansible fact] ********************************************** TASK [Gathering Facts] ********************************************************* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:2 Saturday 27 July 2024 02:26:52 -0400 (0:00:00.007) 0:00:00.007 ********* [WARNING]: Platform linux on host managed_node1 is using the discovered Python interpreter at /usr/bin/python3.12, but future installation of another Python interpreter could change the meaning of that path. See https://docs.ansible.com/ansible- core/2.17/reference_appendices/interpreter_discovery.html for more information. ok: [managed_node1] TASK [Start with default configuration] **************************************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:8 Saturday 27 July 2024 02:26:54 -0400 (0:00:02.626) 0:00:02.634 ********* included: fedora.linux_system_roles.firewall for managed_node1 TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 27 July 2024 02:26:54 -0400 (0:00:00.037) 0:00:02.671 ********* included: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for managed_node1 TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 27 July 2024 02:26:54 -0400 (0:00:00.024) 0:00:02.696 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 27 July 2024 02:26:54 -0400 (0:00:00.020) 0:00:02.717 ********* ok: [managed_node1] => { "changed": false, "stat": { "exists": false } } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 27 July 2024 02:26:55 -0400 (0:00:00.462) 0:00:03.179 ********* ok: [managed_node1] => { "ansible_facts": { "__firewall_is_ostree": false }, "changed": false } TASK [fedora.linux_system_roles.firewall : Check if transactional-update exists in /sbin] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:22 Saturday 27 July 2024 02:26:55 -0400 (0:00:00.022) 0:00:03.202 ********* ok: [managed_node1] => { "changed": false, "stat": { "exists": false } } TASK [fedora.linux_system_roles.firewall : Set flag if transactional-update exists] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:27 Saturday 27 July 2024 02:26:55 -0400 (0:00:00.377) 0:00:03.579 ********* ok: [managed_node1] => { "ansible_facts": { "__firewall_is_transactional": false }, "changed": false } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:31 Saturday 27 July 2024 02:26:55 -0400 (0:00:00.023) 0:00:03.602 ********* ok: [managed_node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Notify user that reboot is needed to apply changes] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:43 Saturday 27 July 2024 02:26:57 -0400 (0:00:01.418) 0:00:05.021 ********* skipping: [managed_node1] => { "false_condition": "__firewall_is_transactional | d(false)" } TASK [fedora.linux_system_roles.firewall : Reboot transactional update systems] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:48 Saturday 27 July 2024 02:26:57 -0400 (0:00:00.019) 0:00:05.040 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_is_transactional | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Fail if reboot is needed and not set] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:53 Saturday 27 July 2024 02:26:57 -0400 (0:00:00.021) 0:00:05.062 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_is_transactional | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 27 July 2024 02:26:57 -0400 (0:00:00.020) 0:00:05.083 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 27 July 2024 02:26:57 -0400 (0:00:00.016) 0:00:05.100 ********* skipping: [managed_node1] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 27 July 2024 02:26:57 -0400 (0:00:00.023) 0:00:05.123 ********* ok: [managed_node1] => { "changed": false, "name": "firewalld", "status": { "AccessSELinuxContext": "system_u:object_r:firewalld_unit_file_t:s0", "ActiveEnterTimestamp": "Sat 2024-07-27 02:19:20 EDT", "ActiveEnterTimestampMonotonic": "305170350", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target dbus.socket dbus-broker.service sysinit.target polkit.service", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-07-27 02:19:18 EDT", "AssertTimestampMonotonic": "303370926", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "13256317000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ConditionTimestampMonotonic": "303370923", "ConfigurationDirectoryMode": "0755", "Conflicts": "ip6tables.service nftables.service shutdown.target ipset.service iptables.service ebtables.service", "ControlGroup": "/system.slice/firewalld.service", "ControlGroupId": "5236", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DropInPaths": "/usr/lib/systemd/system/service.d/10-timeout-abort.conf", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "2253", "ExecMainStartTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ExecMainStartTimestampMonotonic": "303377085", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2024-07-27 02:19:18 EDT", "InactiveExitTimestampMonotonic": "303377328", "InvocationID": "00a6abfca41b4462b19b428e9e3a7565", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14725", "LimitNPROCSoft": "14725", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14725", "LimitSIGPENDINGSoft": "14725", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "2253", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "3347787776", "MemoryCurrent": "41095168", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "42455040", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "0", "MemorySwapMax": "infinity", "MemorySwapPeak": "0", "MemoryZSwapCurrent": "0", "MemoryZSwapMax": "infinity", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "100ms", "RestartUSecNext": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestamp": "Sat 2024-07-27 02:22:50 EDT", "StateChangeTimestampMonotonic": "515277532", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "4", "TasksMax": "4417", "TimeoutAbortUSec": "45s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "45s", "TimeoutStopFailureMode": "abort", "TimeoutStopUSec": "45s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 27 July 2024 02:26:58 -0400 (0:00:00.742) 0:00:05.865 ********* ok: [managed_node1] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "AccessSELinuxContext": "system_u:object_r:firewalld_unit_file_t:s0", "ActiveEnterTimestamp": "Sat 2024-07-27 02:19:20 EDT", "ActiveEnterTimestampMonotonic": "305170350", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target dbus.socket dbus-broker.service sysinit.target polkit.service", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-07-27 02:19:18 EDT", "AssertTimestampMonotonic": "303370926", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "13256317000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ConditionTimestampMonotonic": "303370923", "ConfigurationDirectoryMode": "0755", "Conflicts": "ip6tables.service nftables.service shutdown.target ipset.service iptables.service ebtables.service", "ControlGroup": "/system.slice/firewalld.service", "ControlGroupId": "5236", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DropInPaths": "/usr/lib/systemd/system/service.d/10-timeout-abort.conf", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "2253", "ExecMainStartTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ExecMainStartTimestampMonotonic": "303377085", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2024-07-27 02:19:18 EDT", "InactiveExitTimestampMonotonic": "303377328", "InvocationID": "00a6abfca41b4462b19b428e9e3a7565", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14725", "LimitNPROCSoft": "14725", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14725", "LimitSIGPENDINGSoft": "14725", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "2253", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "3347693568", "MemoryCurrent": "41095168", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "42455040", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "0", "MemorySwapMax": "infinity", "MemorySwapPeak": "0", "MemoryZSwapCurrent": "0", "MemoryZSwapMax": "infinity", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "100ms", "RestartUSecNext": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestamp": "Sat 2024-07-27 02:22:50 EDT", "StateChangeTimestampMonotonic": "515277532", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "4", "TasksMax": "4417", "TimeoutAbortUSec": "45s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "45s", "TimeoutStopFailureMode": "abort", "TimeoutStopUSec": "45s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 27 July 2024 02:26:58 -0400 (0:00:00.545) 0:00:06.411 ********* ok: [managed_node1] => { "ansible_facts": { "__firewall_previous_replaced": true, "__firewall_python_cmd": "/usr/bin/python3.12", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 27 July 2024 02:26:58 -0400 (0:00:00.029) 0:00:06.441 ********* ok: [managed_node1] => { "changed": false, "rc": 0 } STDOUT: 5ac184c65a9229835cdd179a0157f807e9cf78989d72bcc66588894e1c0dac10 /etc/firewalld/firewalld.conf STDERR: OpenSSH_9.6p1, OpenSSL 3.2.1 30 Jan 2024 debug1: Reading configuration data /root/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf debug2: checking match for 'final all' host 10.31.46.95 originally 10.31.46.95 debug2: match not found debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: configuration requests final Match pass debug2: resolve_canonicalize: hostname 10.31.46.95 is address debug1: re-parsing configuration debug1: Reading configuration data /root/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf debug2: checking match for 'final all' host 10.31.46.95 originally 10.31.46.95 debug2: match found debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: auto-mux: Trying existing master at '/root/.ansible/cp/c587a5ab2c' debug2: fd 3 setting O_NONBLOCK debug2: mux_client_hello_exchange: master version 4 debug1: mux_client_request_session: master session id: 2 debug2: Received exit status from master 0 Shared connection to 10.31.46.95 closed. TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 27 July 2024 02:26:59 -0400 (0:00:00.684) 0:00:07.125 ********* ok: [managed_node1] => { "ansible_facts": { "__firewall_report_changed": false }, "changed": false } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 27 July 2024 02:26:59 -0400 (0:00:00.021) 0:00:07.147 ********* skipping: [managed_node1] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 27 July 2024 02:26:59 -0400 (0:00:00.029) 0:00:07.177 ********* skipping: [managed_node1] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 27 July 2024 02:26:59 -0400 (0:00:00.025) 0:00:07.202 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 27 July 2024 02:26:59 -0400 (0:00:00.027) 0:00:07.229 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 27 July 2024 02:26:59 -0400 (0:00:00.021) 0:00:07.250 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 27 July 2024 02:26:59 -0400 (0:00:00.019) 0:00:07.270 ********* ok: [managed_node1] => { "changed": false, "rc": 0 } STDOUT: 5ac184c65a9229835cdd179a0157f807e9cf78989d72bcc66588894e1c0dac10 /etc/firewalld/firewalld.conf STDERR: OpenSSH_9.6p1, OpenSSL 3.2.1 30 Jan 2024 debug1: Reading configuration data /root/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf debug2: checking match for 'final all' host 10.31.46.95 originally 10.31.46.95 debug2: match not found debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: configuration requests final Match pass debug2: resolve_canonicalize: hostname 10.31.46.95 is address debug1: re-parsing configuration debug1: Reading configuration data /root/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf debug2: checking match for 'final all' host 10.31.46.95 originally 10.31.46.95 debug2: match found debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: auto-mux: Trying existing master at '/root/.ansible/cp/c587a5ab2c' debug2: fd 3 setting O_NONBLOCK debug2: mux_client_hello_exchange: master version 4 debug1: mux_client_request_session: master session id: 2 debug2: Received exit status from master 0 Shared connection to 10.31.46.95 closed. TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 27 July 2024 02:26:59 -0400 (0:00:00.309) 0:00:07.579 ********* ok: [managed_node1] => { "ansible_facts": { "firewall_lib_result": { "changed": false } }, "changed": false } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 27 July 2024 02:26:59 -0400 (0:00:00.025) 0:00:07.605 ********* skipping: [managed_node1] => { "false_condition": "__firewall_debug | d(false)" } TASK [Get default zone] ******************************************************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:15 Saturday 27 July 2024 02:26:59 -0400 (0:00:00.022) 0:00:07.628 ********* ok: [managed_node1] => { "changed": false, "cmd": [ "firewall-cmd", "--get-default-zone" ], "delta": "0:00:00.182971", "end": "2024-07-27 02:27:00.469029", "rc": 0, "start": "2024-07-27 02:27:00.286058" } STDOUT: public TASK [Get default ansible fact] ************************************************ task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:22 Saturday 27 July 2024 02:27:00 -0400 (0:00:00.639) 0:00:08.267 ********* included: fedora.linux_system_roles.firewall for managed_node1 TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 27 July 2024 02:27:00 -0400 (0:00:00.043) 0:00:08.311 ********* included: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for managed_node1 TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 27 July 2024 02:27:00 -0400 (0:00:00.023) 0:00:08.335 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 27 July 2024 02:27:00 -0400 (0:00:00.024) 0:00:08.359 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 27 July 2024 02:27:00 -0400 (0:00:00.018) 0:00:08.377 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if transactional-update exists in /sbin] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:22 Saturday 27 July 2024 02:27:00 -0400 (0:00:00.020) 0:00:08.398 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_transactional is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag if transactional-update exists] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:27 Saturday 27 July 2024 02:27:00 -0400 (0:00:00.017) 0:00:08.416 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_transactional is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:31 Saturday 27 July 2024 02:27:00 -0400 (0:00:00.018) 0:00:08.434 ********* ok: [managed_node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Notify user that reboot is needed to apply changes] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:43 Saturday 27 July 2024 02:27:02 -0400 (0:00:01.309) 0:00:09.743 ********* skipping: [managed_node1] => { "false_condition": "__firewall_is_transactional | d(false)" } TASK [fedora.linux_system_roles.firewall : Reboot transactional update systems] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:48 Saturday 27 July 2024 02:27:02 -0400 (0:00:00.021) 0:00:09.764 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_is_transactional | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Fail if reboot is needed and not set] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:53 Saturday 27 July 2024 02:27:02 -0400 (0:00:00.019) 0:00:09.784 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_is_transactional | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 27 July 2024 02:27:02 -0400 (0:00:00.018) 0:00:09.803 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 27 July 2024 02:27:02 -0400 (0:00:00.019) 0:00:09.822 ********* skipping: [managed_node1] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 27 July 2024 02:27:02 -0400 (0:00:00.024) 0:00:09.847 ********* ok: [managed_node1] => { "changed": false, "name": "firewalld", "status": { "AccessSELinuxContext": "system_u:object_r:firewalld_unit_file_t:s0", "ActiveEnterTimestamp": "Sat 2024-07-27 02:19:20 EDT", "ActiveEnterTimestampMonotonic": "305170350", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target dbus.socket dbus-broker.service sysinit.target polkit.service", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-07-27 02:19:18 EDT", "AssertTimestampMonotonic": "303370926", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "13439312000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ConditionTimestampMonotonic": "303370923", "ConfigurationDirectoryMode": "0755", "Conflicts": "ip6tables.service nftables.service shutdown.target ipset.service iptables.service ebtables.service", "ControlGroup": "/system.slice/firewalld.service", "ControlGroupId": "5236", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DropInPaths": "/usr/lib/systemd/system/service.d/10-timeout-abort.conf", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "2253", "ExecMainStartTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ExecMainStartTimestampMonotonic": "303377085", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2024-07-27 02:19:18 EDT", "InactiveExitTimestampMonotonic": "303377328", "InvocationID": "00a6abfca41b4462b19b428e9e3a7565", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14725", "LimitNPROCSoft": "14725", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14725", "LimitSIGPENDINGSoft": "14725", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "2253", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "3355660288", "MemoryCurrent": "41123840", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "42455040", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "0", "MemorySwapMax": "infinity", "MemorySwapPeak": "0", "MemoryZSwapCurrent": "0", "MemoryZSwapMax": "infinity", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "100ms", "RestartUSecNext": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestamp": "Sat 2024-07-27 02:22:50 EDT", "StateChangeTimestampMonotonic": "515277532", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "5", "TasksMax": "4417", "TimeoutAbortUSec": "45s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "45s", "TimeoutStopFailureMode": "abort", "TimeoutStopUSec": "45s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 27 July 2024 02:27:02 -0400 (0:00:00.545) 0:00:10.392 ********* ok: [managed_node1] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "AccessSELinuxContext": "system_u:object_r:firewalld_unit_file_t:s0", "ActiveEnterTimestamp": "Sat 2024-07-27 02:19:20 EDT", "ActiveEnterTimestampMonotonic": "305170350", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target dbus.socket dbus-broker.service sysinit.target polkit.service", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-07-27 02:19:18 EDT", "AssertTimestampMonotonic": "303370926", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "13439312000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ConditionTimestampMonotonic": "303370923", "ConfigurationDirectoryMode": "0755", "Conflicts": "ip6tables.service nftables.service shutdown.target ipset.service iptables.service ebtables.service", "ControlGroup": "/system.slice/firewalld.service", "ControlGroupId": "5236", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DropInPaths": "/usr/lib/systemd/system/service.d/10-timeout-abort.conf", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "2253", "ExecMainStartTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ExecMainStartTimestampMonotonic": "303377085", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2024-07-27 02:19:18 EDT", "InactiveExitTimestampMonotonic": "303377328", "InvocationID": "00a6abfca41b4462b19b428e9e3a7565", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14725", "LimitNPROCSoft": "14725", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14725", "LimitSIGPENDINGSoft": "14725", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "2253", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "3373588480", "MemoryCurrent": "41123840", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "42455040", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "0", "MemorySwapMax": "infinity", "MemorySwapPeak": "0", "MemoryZSwapCurrent": "0", "MemoryZSwapMax": "infinity", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "100ms", "RestartUSecNext": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestamp": "Sat 2024-07-27 02:22:50 EDT", "StateChangeTimestampMonotonic": "515277532", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "5", "TasksMax": "4417", "TimeoutAbortUSec": "45s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "45s", "TimeoutStopFailureMode": "abort", "TimeoutStopUSec": "45s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.542) 0:00:10.934 ********* ok: [managed_node1] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python3.12", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.028) 0:00:10.963 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.018) 0:00:10.981 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.016) 0:00:10.998 ********* skipping: [managed_node1] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.026) 0:00:11.024 ********* skipping: [managed_node1] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.024) 0:00:11.049 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall != None", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.013) 0:00:11.063 ********* ok: [managed_node1] => { "changed": false, "firewall_config": { "default": { "helpers": [ "irc", "netbios-ns", "amanda", "sane", "sip", "tftp", "Q.931", "RAS", "proto-gre", "pptp", "h323", "ftp", "snmp" ], "icmptypes": [ "tos-host-redirect", "fragmentation-needed", "host-redirect", "required-option-missing", "unknown-option", "router-advertisement", "ip-header-bad", "source-route-failed", "address-unreachable", "network-unknown", "network-redirect", "redirect", "reject-route", "mld-listener-done", "packet-too-big", "precedence-cutoff", "protocol-unreachable", "communication-prohibited", "no-route", "host-precedence-violation", "source-quench", "port-unreachable", "time-exceeded", "mld-listener-report", "echo-request", "unknown-header-type", "mld-listener-query", "bad-header", "parameter-problem", "beyond-scope", "host-unreachable", "host-unknown", "mld2-listener-report", "router-solicitation", "timestamp-reply", "tos-network-unreachable", "network-unreachable", "timestamp-request", "ttl-zero-during-transit", "host-prohibited", "destination-unreachable", "tos-network-redirect", "failed-policy", "echo-reply", "network-prohibited", "tos-host-unreachable", "ttl-zero-during-reassembly", "neighbour-advertisement", "neighbour-solicitation" ], "policies": [ "allow-host-ipv6" ], "services": [ "xmpp-client", "dropbox-lansync", "dns-over-quic", "sips", "bb", "zabbix-web-service", "cfengine", "pmwebapis", "finger", "ausweisapp2", "jenkins", "irc", "nbd", "svdrp", "netbios-ns", "mqtt-tls", "bgp", "wsman", "foreman", "llmnr-tcp", "afp", "ldaps", "wireguard", "dhcp", "zabbix-agent", "managesieve", "checkmk-agent", "pulseaudio", "ptp", "proxy-dhcp", "xdmcp", "smtp", "steam-streaming", "xmpp-bosh", "nfs3", "xmpp-local", "rpc-bind", "grafana", "ceph-mon", "llmnr-client", "high-availability", "kube-control-plane", "snmptrap", "zabbix-java-gateway", "sane", "pop3s", "zerotier", "libvirt-tls", "zabbix-server", "libvirt", "mssql", "mountd", "sip", "pmwebapi", "imaps", "puppetmaster", "gre", "nmea-0183", "ipfs", "ipp", "kubelet", "upnp-client", "openvpn", "galera", "dns", "svn", "opentelemetry", "etcd-server", "syslog-tls", "ldap", "samba-client", "nrpe", "ms-wbt", "bitcoin", "tftp", "mosh", "synergy", "freeipa-replication", "bitcoin-testnet-rpc", "rtsp", "kube-nodeport-services", "syncthing-relay", "alvr", "docker-swarm", "kube-api", "postgresql", "freeipa-trust", "bacula", "kube-control-plane-secure", "tile38", "anno-1800", "zabbix-trapper", "prometheus-node-exporter", "rsyncd", "quassel", "syscomlan", "ws-discovery-udp", "klogin", "syslog", "bitcoin-testnet", "dhcpv6", "warpinator", "squid", "samba-dc", "vdsm", "civilization-v", "statsrv", "ceph", "iscsi-target", "radius", "tinc", "rdp", "anno-1602", "ganglia-master", "vnc-server", "collectd", "RH-Satellite-6", "kube-worker", "nfs", "syncthing-gui", "imap", "llmnr", "distcc", "lightning-network", "vrrp", "civilization-iv", "matrix", "wbem-https", "transmission-client", "pmcd", "kibana", "ssh", "smtps", "ntp", "ws-discovery-client", "snmptls-trap", "slp", "nut", "murmur", "cratedb", "spotify-sync", "amqps", "plex", "telnet", "rsh", "wbem-http", "amqp", "kubelet-readonly", "mysql", "http", "llmnr-udp", "mdns", "apcupsd", "kpasswd", "http3", "settlers-history-collection", "bareos-director", "amanda-k5-client", "elasticsearch", "ctdb", "syncthing", "ovirt-imageio", "mongodb", "isns", "rquotad", "amanda-client", "redis-sentinel", "kube-apiserver", "stellaris", "ps3netsrv", "kerberos", "nebula", "bareos-storage", "etcd-client", "freeipa-ldaps", "tentacle", "condor-collector", "pop3", "kube-scheduler", "snmptls", "ftp", "need-for-speed-most-wanted", "audit", "zero-k", "freeipa-ldap", "gpsd", "0-AD", "ceph-exporter", "bacula-client", "snmp", "dds-unicast", "minidlna", "bittorrent-lsd", "ws-discovery", "xmpp-server", "samba", "kube-controller-manager", "memcache", "kshell", "privoxy", "netdata-dashboard", "kadmin", "pmproxy", "minecraft", "ipp-client", "dds", "smtp-submission", "mqtt", "ovirt-vmconsole", "ganglia-client", "supertuxkart", "freeipa-4", "kubelet-worker", "docker-registry", "ircs", "wsmans", "ps2link", "ipsec", "salt-master", "foreman-proxy", "stronghold-crusader", "cockpit", "prometheus", "terraria", "git", "ws-discovery-tcp", "spideroak-lansync", "ident", "tor-socks", "kprop", "bareos-filedaemon", "kdeconnect", "submission", "kube-controller-manager-secure", "kube-scheduler-secure", "https", "ssdp", "redis", "factorio", "dhcpv6-client", "dns-over-tls", "bitcoin-rpc", "RH-Satellite-6-capsule", "dds-multicast", "ovirt-storageconsole" ], "zones": [ "FedoraWorkstation", "block", "public", "external", "drop", "nm-shared", "FedoraServer", "internal", "work", "trusted", "home", "dmz" ] }, "default_zone": "public" } } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.533) 0:00:11.597 ********* ok: [managed_node1] => { "ansible_facts": { "firewall_config": { "default": { "helpers": [ "irc", "netbios-ns", "amanda", "sane", "sip", "tftp", "Q.931", "RAS", "proto-gre", "pptp", "h323", "ftp", "snmp" ], "icmptypes": [ "tos-host-redirect", "fragmentation-needed", "host-redirect", "required-option-missing", "unknown-option", "router-advertisement", "ip-header-bad", "source-route-failed", "address-unreachable", "network-unknown", "network-redirect", "redirect", "reject-route", "mld-listener-done", "packet-too-big", "precedence-cutoff", "protocol-unreachable", "communication-prohibited", "no-route", "host-precedence-violation", "source-quench", "port-unreachable", "time-exceeded", "mld-listener-report", "echo-request", "unknown-header-type", "mld-listener-query", "bad-header", "parameter-problem", "beyond-scope", "host-unreachable", "host-unknown", "mld2-listener-report", "router-solicitation", "timestamp-reply", "tos-network-unreachable", "network-unreachable", "timestamp-request", "ttl-zero-during-transit", "host-prohibited", "destination-unreachable", "tos-network-redirect", "failed-policy", "echo-reply", "network-prohibited", "tos-host-unreachable", "ttl-zero-during-reassembly", "neighbour-advertisement", "neighbour-solicitation" ], "policies": [ "allow-host-ipv6" ], "services": [ "xmpp-client", "dropbox-lansync", "dns-over-quic", "sips", "bb", "zabbix-web-service", "cfengine", "pmwebapis", "finger", "ausweisapp2", "jenkins", "irc", "nbd", "svdrp", "netbios-ns", "mqtt-tls", "bgp", "wsman", "foreman", "llmnr-tcp", "afp", "ldaps", "wireguard", "dhcp", "zabbix-agent", "managesieve", "checkmk-agent", "pulseaudio", "ptp", "proxy-dhcp", "xdmcp", "smtp", "steam-streaming", "xmpp-bosh", "nfs3", "xmpp-local", "rpc-bind", "grafana", "ceph-mon", "llmnr-client", "high-availability", "kube-control-plane", "snmptrap", "zabbix-java-gateway", "sane", "pop3s", "zerotier", "libvirt-tls", "zabbix-server", "libvirt", "mssql", "mountd", "sip", "pmwebapi", "imaps", "puppetmaster", "gre", "nmea-0183", "ipfs", "ipp", "kubelet", "upnp-client", "openvpn", "galera", "dns", "svn", "opentelemetry", "etcd-server", "syslog-tls", "ldap", "samba-client", "nrpe", "ms-wbt", "bitcoin", "tftp", "mosh", "synergy", "freeipa-replication", "bitcoin-testnet-rpc", "rtsp", "kube-nodeport-services", "syncthing-relay", "alvr", "docker-swarm", "kube-api", "postgresql", "freeipa-trust", "bacula", "kube-control-plane-secure", "tile38", "anno-1800", "zabbix-trapper", "prometheus-node-exporter", "rsyncd", "quassel", "syscomlan", "ws-discovery-udp", "klogin", "syslog", "bitcoin-testnet", "dhcpv6", "warpinator", "squid", "samba-dc", "vdsm", "civilization-v", "statsrv", "ceph", "iscsi-target", "radius", "tinc", "rdp", "anno-1602", "ganglia-master", "vnc-server", "collectd", "RH-Satellite-6", "kube-worker", "nfs", "syncthing-gui", "imap", "llmnr", "distcc", "lightning-network", "vrrp", "civilization-iv", "matrix", "wbem-https", "transmission-client", "pmcd", "kibana", "ssh", "smtps", "ntp", "ws-discovery-client", "snmptls-trap", "slp", "nut", "murmur", "cratedb", "spotify-sync", "amqps", "plex", "telnet", "rsh", "wbem-http", "amqp", "kubelet-readonly", "mysql", "http", "llmnr-udp", "mdns", "apcupsd", "kpasswd", "http3", "settlers-history-collection", "bareos-director", "amanda-k5-client", "elasticsearch", "ctdb", "syncthing", "ovirt-imageio", "mongodb", "isns", "rquotad", "amanda-client", "redis-sentinel", "kube-apiserver", "stellaris", "ps3netsrv", "kerberos", "nebula", "bareos-storage", "etcd-client", "freeipa-ldaps", "tentacle", "condor-collector", "pop3", "kube-scheduler", "snmptls", "ftp", "need-for-speed-most-wanted", "audit", "zero-k", "freeipa-ldap", "gpsd", "0-AD", "ceph-exporter", "bacula-client", "snmp", "dds-unicast", "minidlna", "bittorrent-lsd", "ws-discovery", "xmpp-server", "samba", "kube-controller-manager", "memcache", "kshell", "privoxy", "netdata-dashboard", "kadmin", "pmproxy", "minecraft", "ipp-client", "dds", "smtp-submission", "mqtt", "ovirt-vmconsole", "ganglia-client", "supertuxkart", "freeipa-4", "kubelet-worker", "docker-registry", "ircs", "wsmans", "ps2link", "ipsec", "salt-master", "foreman-proxy", "stronghold-crusader", "cockpit", "prometheus", "terraria", "git", "ws-discovery-tcp", "spideroak-lansync", "ident", "tor-socks", "kprop", "bareos-filedaemon", "kdeconnect", "submission", "kube-controller-manager-secure", "kube-scheduler-secure", "https", "ssdp", "redis", "factorio", "dhcpv6-client", "dns-over-tls", "bitcoin-rpc", "RH-Satellite-6-capsule", "dds-multicast", "ovirt-storageconsole" ], "zones": [ "FedoraWorkstation", "block", "public", "external", "drop", "nm-shared", "FedoraServer", "internal", "work", "trusted", "home", "dmz" ] }, "default_zone": "public" } }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.032) 0:00:11.630 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.017) 0:00:11.647 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.017) 0:00:11.665 ********* skipping: [managed_node1] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Fail if firewall_config is undefined] ************************************ task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:28 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.020) 0:00:11.686 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall_config is undefined", "skip_reason": "Conditional result was False" } TASK [Fail if firewall_config custom exists] *********************************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:33 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.017) 0:00:11.704 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "'custom' in firewall_config", "skip_reason": "Conditional result was False" } TASK [Fail if firewall_config defaults do not have attributes] ***************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:38 Saturday 27 July 2024 02:27:03 -0400 (0:00:00.013) 0:00:11.717 ********* skipping: [managed_node1] => (item={'key': 'zones', 'value': ['FedoraWorkstation', 'block', 'public', 'external', 'drop', 'nm-shared', 'FedoraServer', 'internal', 'work', 'trusted', 'home', 'dmz']}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "item | length == 0", "item": { "key": "zones", "value": [ "FedoraWorkstation", "block", "public", "external", "drop", "nm-shared", "FedoraServer", "internal", "work", "trusted", "home", "dmz" ] }, "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item={'key': 'services', 'value': ['xmpp-client', 'dropbox-lansync', 'dns-over-quic', 'sips', 'bb', 'zabbix-web-service', 'cfengine', 'pmwebapis', 'finger', 'ausweisapp2', 'jenkins', 'irc', 'nbd', 'svdrp', 'netbios-ns', 'mqtt-tls', 'bgp', 'wsman', 'foreman', 'llmnr-tcp', 'afp', 'ldaps', 'wireguard', 'dhcp', 'zabbix-agent', 'managesieve', 'checkmk-agent', 'pulseaudio', 'ptp', 'proxy-dhcp', 'xdmcp', 'smtp', 'steam-streaming', 'xmpp-bosh', 'nfs3', 'xmpp-local', 'rpc-bind', 'grafana', 'ceph-mon', 'llmnr-client', 'high-availability', 'kube-control-plane', 'snmptrap', 'zabbix-java-gateway', 'sane', 'pop3s', 'zerotier', 'libvirt-tls', 'zabbix-server', 'libvirt', 'mssql', 'mountd', 'sip', 'pmwebapi', 'imaps', 'puppetmaster', 'gre', 'nmea-0183', 'ipfs', 'ipp', 'kubelet', 'upnp-client', 'openvpn', 'galera', 'dns', 'svn', 'opentelemetry', 'etcd-server', 'syslog-tls', 'ldap', 'samba-client', 'nrpe', 'ms-wbt', 'bitcoin', 'tftp', 'mosh', 'synergy', 'freeipa-replication', 'bitcoin-testnet-rpc', 'rtsp', 'kube-nodeport-services', 'syncthing-relay', 'alvr', 'docker-swarm', 'kube-api', 'postgresql', 'freeipa-trust', 'bacula', 'kube-control-plane-secure', 'tile38', 'anno-1800', 'zabbix-trapper', 'prometheus-node-exporter', 'rsyncd', 'quassel', 'syscomlan', 'ws-discovery-udp', 'klogin', 'syslog', 'bitcoin-testnet', 'dhcpv6', 'warpinator', 'squid', 'samba-dc', 'vdsm', 'civilization-v', 'statsrv', 'ceph', 'iscsi-target', 'radius', 'tinc', 'rdp', 'anno-1602', 'ganglia-master', 'vnc-server', 'collectd', 'RH-Satellite-6', 'kube-worker', 'nfs', 'syncthing-gui', 'imap', 'llmnr', 'distcc', 'lightning-network', 'vrrp', 'civilization-iv', 'matrix', 'wbem-https', 'transmission-client', 'pmcd', 'kibana', 'ssh', 'smtps', 'ntp', 'ws-discovery-client', 'snmptls-trap', 'slp', 'nut', 'murmur', 'cratedb', 'spotify-sync', 'amqps', 'plex', 'telnet', 'rsh', 'wbem-http', 'amqp', 'kubelet-readonly', 'mysql', 'http', 'llmnr-udp', 'mdns', 'apcupsd', 'kpasswd', 'http3', 'settlers-history-collection', 'bareos-director', 'amanda-k5-client', 'elasticsearch', 'ctdb', 'syncthing', 'ovirt-imageio', 'mongodb', 'isns', 'rquotad', 'amanda-client', 'redis-sentinel', 'kube-apiserver', 'stellaris', 'ps3netsrv', 'kerberos', 'nebula', 'bareos-storage', 'etcd-client', 'freeipa-ldaps', 'tentacle', 'condor-collector', 'pop3', 'kube-scheduler', 'snmptls', 'ftp', 'need-for-speed-most-wanted', 'audit', 'zero-k', 'freeipa-ldap', 'gpsd', '0-AD', 'ceph-exporter', 'bacula-client', 'snmp', 'dds-unicast', 'minidlna', 'bittorrent-lsd', 'ws-discovery', 'xmpp-server', 'samba', 'kube-controller-manager', 'memcache', 'kshell', 'privoxy', 'netdata-dashboard', 'kadmin', 'pmproxy', 'minecraft', 'ipp-client', 'dds', 'smtp-submission', 'mqtt', 'ovirt-vmconsole', 'ganglia-client', 'supertuxkart', 'freeipa-4', 'kubelet-worker', 'docker-registry', 'ircs', 'wsmans', 'ps2link', 'ipsec', 'salt-master', 'foreman-proxy', 'stronghold-crusader', 'cockpit', 'prometheus', 'terraria', 'git', 'ws-discovery-tcp', 'spideroak-lansync', 'ident', 'tor-socks', 'kprop', 'bareos-filedaemon', 'kdeconnect', 'submission', 'kube-controller-manager-secure', 'kube-scheduler-secure', 'https', 'ssdp', 'redis', 'factorio', 'dhcpv6-client', 'dns-over-tls', 'bitcoin-rpc', 'RH-Satellite-6-capsule', 'dds-multicast', 'ovirt-storageconsole']}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "item | length == 0", "item": { "key": "services", "value": [ "xmpp-client", "dropbox-lansync", "dns-over-quic", "sips", "bb", "zabbix-web-service", "cfengine", "pmwebapis", "finger", "ausweisapp2", "jenkins", "irc", "nbd", "svdrp", "netbios-ns", "mqtt-tls", "bgp", "wsman", "foreman", "llmnr-tcp", "afp", "ldaps", "wireguard", "dhcp", "zabbix-agent", "managesieve", "checkmk-agent", "pulseaudio", "ptp", "proxy-dhcp", "xdmcp", "smtp", "steam-streaming", "xmpp-bosh", "nfs3", "xmpp-local", "rpc-bind", "grafana", "ceph-mon", "llmnr-client", "high-availability", "kube-control-plane", "snmptrap", "zabbix-java-gateway", "sane", "pop3s", "zerotier", "libvirt-tls", "zabbix-server", "libvirt", "mssql", "mountd", "sip", "pmwebapi", "imaps", "puppetmaster", "gre", "nmea-0183", "ipfs", "ipp", "kubelet", "upnp-client", "openvpn", "galera", "dns", "svn", "opentelemetry", "etcd-server", "syslog-tls", "ldap", "samba-client", "nrpe", "ms-wbt", "bitcoin", "tftp", "mosh", "synergy", "freeipa-replication", "bitcoin-testnet-rpc", "rtsp", "kube-nodeport-services", "syncthing-relay", "alvr", "docker-swarm", "kube-api", "postgresql", "freeipa-trust", "bacula", "kube-control-plane-secure", "tile38", "anno-1800", "zabbix-trapper", "prometheus-node-exporter", "rsyncd", "quassel", "syscomlan", "ws-discovery-udp", "klogin", "syslog", "bitcoin-testnet", "dhcpv6", "warpinator", "squid", "samba-dc", "vdsm", "civilization-v", "statsrv", "ceph", "iscsi-target", "radius", "tinc", "rdp", "anno-1602", "ganglia-master", "vnc-server", "collectd", "RH-Satellite-6", "kube-worker", "nfs", "syncthing-gui", "imap", "llmnr", "distcc", "lightning-network", "vrrp", "civilization-iv", "matrix", "wbem-https", "transmission-client", "pmcd", "kibana", "ssh", "smtps", "ntp", "ws-discovery-client", "snmptls-trap", "slp", "nut", "murmur", "cratedb", "spotify-sync", "amqps", "plex", "telnet", "rsh", "wbem-http", "amqp", "kubelet-readonly", "mysql", "http", "llmnr-udp", "mdns", "apcupsd", "kpasswd", "http3", "settlers-history-collection", "bareos-director", "amanda-k5-client", "elasticsearch", "ctdb", "syncthing", "ovirt-imageio", "mongodb", "isns", "rquotad", "amanda-client", "redis-sentinel", "kube-apiserver", "stellaris", "ps3netsrv", "kerberos", "nebula", "bareos-storage", "etcd-client", "freeipa-ldaps", "tentacle", "condor-collector", "pop3", "kube-scheduler", "snmptls", "ftp", "need-for-speed-most-wanted", "audit", "zero-k", "freeipa-ldap", "gpsd", "0-AD", "ceph-exporter", "bacula-client", "snmp", "dds-unicast", "minidlna", "bittorrent-lsd", "ws-discovery", "xmpp-server", "samba", "kube-controller-manager", "memcache", "kshell", "privoxy", "netdata-dashboard", "kadmin", "pmproxy", "minecraft", "ipp-client", "dds", "smtp-submission", "mqtt", "ovirt-vmconsole", "ganglia-client", "supertuxkart", "freeipa-4", "kubelet-worker", "docker-registry", "ircs", "wsmans", "ps2link", "ipsec", "salt-master", "foreman-proxy", "stronghold-crusader", "cockpit", "prometheus", "terraria", "git", "ws-discovery-tcp", "spideroak-lansync", "ident", "tor-socks", "kprop", "bareos-filedaemon", "kdeconnect", "submission", "kube-controller-manager-secure", "kube-scheduler-secure", "https", "ssdp", "redis", "factorio", "dhcpv6-client", "dns-over-tls", "bitcoin-rpc", "RH-Satellite-6-capsule", "dds-multicast", "ovirt-storageconsole" ] }, "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item={'key': 'icmptypes', 'value': ['tos-host-redirect', 'fragmentation-needed', 'host-redirect', 'required-option-missing', 'unknown-option', 'router-advertisement', 'ip-header-bad', 'source-route-failed', 'address-unreachable', 'network-unknown', 'network-redirect', 'redirect', 'reject-route', 'mld-listener-done', 'packet-too-big', 'precedence-cutoff', 'protocol-unreachable', 'communication-prohibited', 'no-route', 'host-precedence-violation', 'source-quench', 'port-unreachable', 'time-exceeded', 'mld-listener-report', 'echo-request', 'unknown-header-type', 'mld-listener-query', 'bad-header', 'parameter-problem', 'beyond-scope', 'host-unreachable', 'host-unknown', 'mld2-listener-report', 'router-solicitation', 'timestamp-reply', 'tos-network-unreachable', 'network-unreachable', 'timestamp-request', 'ttl-zero-during-transit', 'host-prohibited', 'destination-unreachable', 'tos-network-redirect', 'failed-policy', 'echo-reply', 'network-prohibited', 'tos-host-unreachable', 'ttl-zero-during-reassembly', 'neighbour-advertisement', 'neighbour-solicitation']}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "item | length == 0", "item": { "key": "icmptypes", "value": [ "tos-host-redirect", "fragmentation-needed", "host-redirect", "required-option-missing", "unknown-option", "router-advertisement", "ip-header-bad", "source-route-failed", "address-unreachable", "network-unknown", "network-redirect", "redirect", "reject-route", "mld-listener-done", "packet-too-big", "precedence-cutoff", "protocol-unreachable", "communication-prohibited", "no-route", "host-precedence-violation", "source-quench", "port-unreachable", "time-exceeded", "mld-listener-report", "echo-request", "unknown-header-type", "mld-listener-query", "bad-header", "parameter-problem", "beyond-scope", "host-unreachable", "host-unknown", "mld2-listener-report", "router-solicitation", "timestamp-reply", "tos-network-unreachable", "network-unreachable", "timestamp-request", "ttl-zero-during-transit", "host-prohibited", "destination-unreachable", "tos-network-redirect", "failed-policy", "echo-reply", "network-prohibited", "tos-host-unreachable", "ttl-zero-during-reassembly", "neighbour-advertisement", "neighbour-solicitation" ] }, "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item={'key': 'helpers', 'value': ['irc', 'netbios-ns', 'amanda', 'sane', 'sip', 'tftp', 'Q.931', 'RAS', 'proto-gre', 'pptp', 'h323', 'ftp', 'snmp']}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "item | length == 0", "item": { "key": "helpers", "value": [ "irc", "netbios-ns", "amanda", "sane", "sip", "tftp", "Q.931", "RAS", "proto-gre", "pptp", "h323", "ftp", "snmp" ] }, "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item={'key': 'policies', 'value': ['allow-host-ipv6']}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "item | length == 0", "item": { "key": "policies", "value": [ "allow-host-ipv6" ] }, "skip_reason": "Conditional result was False" } skipping: [managed_node1] => { "changed": false } MSG: All items skipped TASK [Fail if default zone is not correct] ************************************* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:44 Saturday 27 July 2024 02:27:04 -0400 (0:00:00.048) 0:00:11.765 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall_config.default_zone != __default_zone.stdout", "skip_reason": "Conditional result was False" } TASK [Save default ansible fact value] ***************************************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:49 Saturday 27 July 2024 02:27:04 -0400 (0:00:00.013) 0:00:11.779 ********* ok: [managed_node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [Modify firewalld configuration] ****************************************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:56 Saturday 27 July 2024 02:27:04 -0400 (0:00:00.024) 0:00:11.803 ********* ok: [managed_node1] => { "changed": false, "cmd": "firewall-cmd --permanent --add-service https\nfirewall-cmd --permanent --new-service custom\n", "delta": "0:00:00.381127", "end": "2024-07-27 02:27:04.759906", "rc": 0, "start": "2024-07-27 02:27:04.378779" } STDOUT: success success TASK [Refetch firewall_config] ************************************************* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:63 Saturday 27 July 2024 02:27:04 -0400 (0:00:00.754) 0:00:12.558 ********* included: fedora.linux_system_roles.firewall for managed_node1 TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 27 July 2024 02:27:04 -0400 (0:00:00.056) 0:00:12.615 ********* included: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for managed_node1 TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 27 July 2024 02:27:04 -0400 (0:00:00.023) 0:00:12.638 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 27 July 2024 02:27:04 -0400 (0:00:00.022) 0:00:12.661 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 27 July 2024 02:27:04 -0400 (0:00:00.018) 0:00:12.679 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if transactional-update exists in /sbin] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:22 Saturday 27 July 2024 02:27:04 -0400 (0:00:00.017) 0:00:12.696 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_transactional is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag if transactional-update exists] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:27 Saturday 27 July 2024 02:27:04 -0400 (0:00:00.020) 0:00:12.717 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_transactional is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:31 Saturday 27 July 2024 02:27:04 -0400 (0:00:00.017) 0:00:12.734 ********* ok: [managed_node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Notify user that reboot is needed to apply changes] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:43 Saturday 27 July 2024 02:27:06 -0400 (0:00:01.316) 0:00:14.050 ********* skipping: [managed_node1] => { "false_condition": "__firewall_is_transactional | d(false)" } TASK [fedora.linux_system_roles.firewall : Reboot transactional update systems] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:48 Saturday 27 July 2024 02:27:06 -0400 (0:00:00.020) 0:00:14.070 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_is_transactional | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Fail if reboot is needed and not set] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:53 Saturday 27 July 2024 02:27:06 -0400 (0:00:00.020) 0:00:14.090 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_is_transactional | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 27 July 2024 02:27:06 -0400 (0:00:00.019) 0:00:14.109 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 27 July 2024 02:27:06 -0400 (0:00:00.017) 0:00:14.127 ********* skipping: [managed_node1] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 27 July 2024 02:27:06 -0400 (0:00:00.027) 0:00:14.154 ********* ok: [managed_node1] => { "changed": false, "name": "firewalld", "status": { "AccessSELinuxContext": "system_u:object_r:firewalld_unit_file_t:s0", "ActiveEnterTimestamp": "Sat 2024-07-27 02:19:20 EDT", "ActiveEnterTimestampMonotonic": "305170350", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target dbus.socket dbus-broker.service sysinit.target polkit.service", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-07-27 02:19:18 EDT", "AssertTimestampMonotonic": "303370926", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "13511733000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ConditionTimestampMonotonic": "303370923", "ConfigurationDirectoryMode": "0755", "Conflicts": "ip6tables.service nftables.service shutdown.target ipset.service iptables.service ebtables.service", "ControlGroup": "/system.slice/firewalld.service", "ControlGroupId": "5236", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DropInPaths": "/usr/lib/systemd/system/service.d/10-timeout-abort.conf", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "2253", "ExecMainStartTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ExecMainStartTimestampMonotonic": "303377085", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2024-07-27 02:19:18 EDT", "InactiveExitTimestampMonotonic": "303377328", "InvocationID": "00a6abfca41b4462b19b428e9e3a7565", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14725", "LimitNPROCSoft": "14725", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14725", "LimitSIGPENDINGSoft": "14725", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "2253", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "3356991488", "MemoryCurrent": "41132032", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "42455040", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "0", "MemorySwapMax": "infinity", "MemorySwapPeak": "0", "MemoryZSwapCurrent": "0", "MemoryZSwapMax": "infinity", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "100ms", "RestartUSecNext": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestamp": "Sat 2024-07-27 02:22:50 EDT", "StateChangeTimestampMonotonic": "515277532", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "5", "TasksMax": "4417", "TimeoutAbortUSec": "45s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "45s", "TimeoutStopFailureMode": "abort", "TimeoutStopUSec": "45s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 27 July 2024 02:27:06 -0400 (0:00:00.542) 0:00:14.696 ********* ok: [managed_node1] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "AccessSELinuxContext": "system_u:object_r:firewalld_unit_file_t:s0", "ActiveEnterTimestamp": "Sat 2024-07-27 02:19:20 EDT", "ActiveEnterTimestampMonotonic": "305170350", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target dbus.socket dbus-broker.service sysinit.target polkit.service", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-07-27 02:19:18 EDT", "AssertTimestampMonotonic": "303370926", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "13511733000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ConditionTimestampMonotonic": "303370923", "ConfigurationDirectoryMode": "0755", "Conflicts": "ip6tables.service nftables.service shutdown.target ipset.service iptables.service ebtables.service", "ControlGroup": "/system.slice/firewalld.service", "ControlGroupId": "5236", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DropInPaths": "/usr/lib/systemd/system/service.d/10-timeout-abort.conf", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "2253", "ExecMainStartTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ExecMainStartTimestampMonotonic": "303377085", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2024-07-27 02:19:18 EDT", "InactiveExitTimestampMonotonic": "303377328", "InvocationID": "00a6abfca41b4462b19b428e9e3a7565", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14725", "LimitNPROCSoft": "14725", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14725", "LimitSIGPENDINGSoft": "14725", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "2253", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "3379363840", "MemoryCurrent": "41132032", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "42455040", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "0", "MemorySwapMax": "infinity", "MemorySwapPeak": "0", "MemoryZSwapCurrent": "0", "MemoryZSwapMax": "infinity", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "100ms", "RestartUSecNext": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestamp": "Sat 2024-07-27 02:22:50 EDT", "StateChangeTimestampMonotonic": "515277532", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "5", "TasksMax": "4417", "TimeoutAbortUSec": "45s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "45s", "TimeoutStopFailureMode": "abort", "TimeoutStopUSec": "45s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 27 July 2024 02:27:07 -0400 (0:00:00.553) 0:00:15.250 ********* ok: [managed_node1] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python3.12", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 27 July 2024 02:27:07 -0400 (0:00:00.027) 0:00:15.278 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 27 July 2024 02:27:07 -0400 (0:00:00.019) 0:00:15.297 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 27 July 2024 02:27:07 -0400 (0:00:00.017) 0:00:15.315 ********* skipping: [managed_node1] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 27 July 2024 02:27:07 -0400 (0:00:00.027) 0:00:15.342 ********* skipping: [managed_node1] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 27 July 2024 02:27:07 -0400 (0:00:00.025) 0:00:15.368 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall != None", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 27 July 2024 02:27:07 -0400 (0:00:00.014) 0:00:15.383 ********* ok: [managed_node1] => { "changed": false, "firewall_config": { "custom": { "services": { "custom": { "description": "", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "", "source_ports": [], "version": "" } }, "zones": { "public": { "description": "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "dhcpv6-client", "https" ], "short": "Public", "source_ports": [], "sources": [], "target": "default", "version": "" } } }, "default": { "helpers": [ "irc", "netbios-ns", "amanda", "sane", "sip", "tftp", "Q.931", "RAS", "proto-gre", "pptp", "h323", "ftp", "snmp" ], "icmptypes": [ "tos-host-redirect", "fragmentation-needed", "host-redirect", "required-option-missing", "unknown-option", "router-advertisement", "ip-header-bad", "source-route-failed", "address-unreachable", "network-unknown", "network-redirect", "redirect", "reject-route", "mld-listener-done", "packet-too-big", "precedence-cutoff", "protocol-unreachable", "communication-prohibited", "no-route", "host-precedence-violation", "source-quench", "port-unreachable", "time-exceeded", "mld-listener-report", "echo-request", "unknown-header-type", "mld-listener-query", "bad-header", "parameter-problem", "beyond-scope", "host-unreachable", "host-unknown", "mld2-listener-report", "router-solicitation", "timestamp-reply", "tos-network-unreachable", "network-unreachable", "timestamp-request", "ttl-zero-during-transit", "host-prohibited", "destination-unreachable", "tos-network-redirect", "failed-policy", "echo-reply", "network-prohibited", "tos-host-unreachable", "ttl-zero-during-reassembly", "neighbour-advertisement", "neighbour-solicitation" ], "policies": [ "allow-host-ipv6" ], "services": [ "xmpp-client", "dropbox-lansync", "dns-over-quic", "sips", "bb", "zabbix-web-service", "cfengine", "pmwebapis", "finger", "ausweisapp2", "jenkins", "irc", "nbd", "svdrp", "netbios-ns", "mqtt-tls", "bgp", "wsman", "foreman", "llmnr-tcp", "afp", "ldaps", "wireguard", "dhcp", "zabbix-agent", "managesieve", "checkmk-agent", "pulseaudio", "ptp", "proxy-dhcp", "xdmcp", "smtp", "steam-streaming", "xmpp-bosh", "nfs3", "xmpp-local", "rpc-bind", "grafana", "ceph-mon", "llmnr-client", "high-availability", "kube-control-plane", "snmptrap", "zabbix-java-gateway", "sane", "pop3s", "zerotier", "libvirt-tls", "zabbix-server", "libvirt", "mssql", "mountd", "sip", "pmwebapi", "imaps", "puppetmaster", "gre", "nmea-0183", "ipfs", "ipp", "kubelet", "upnp-client", "openvpn", "galera", "dns", "svn", "opentelemetry", "etcd-server", "syslog-tls", "ldap", "samba-client", "nrpe", "ms-wbt", "bitcoin", "tftp", "mosh", "synergy", "freeipa-replication", "bitcoin-testnet-rpc", "rtsp", "kube-nodeport-services", "syncthing-relay", "alvr", "docker-swarm", "kube-api", "postgresql", "freeipa-trust", "bacula", "kube-control-plane-secure", "tile38", "anno-1800", "zabbix-trapper", "prometheus-node-exporter", "rsyncd", "quassel", "syscomlan", "ws-discovery-udp", "klogin", "syslog", "bitcoin-testnet", "dhcpv6", "warpinator", "squid", "samba-dc", "vdsm", "civilization-v", "statsrv", "ceph", "iscsi-target", "radius", "tinc", "rdp", "anno-1602", "ganglia-master", "vnc-server", "collectd", "RH-Satellite-6", "kube-worker", "nfs", "syncthing-gui", "imap", "llmnr", "distcc", "lightning-network", "vrrp", "civilization-iv", "matrix", "wbem-https", "transmission-client", "pmcd", "kibana", "ssh", "smtps", "ntp", "ws-discovery-client", "snmptls-trap", "slp", "nut", "murmur", "cratedb", "spotify-sync", "amqps", "plex", "telnet", "rsh", "wbem-http", "amqp", "kubelet-readonly", "mysql", "http", "llmnr-udp", "mdns", "apcupsd", "kpasswd", "http3", "settlers-history-collection", "bareos-director", "amanda-k5-client", "elasticsearch", "ctdb", "syncthing", "ovirt-imageio", "mongodb", "isns", "rquotad", "amanda-client", "redis-sentinel", "kube-apiserver", "stellaris", "ps3netsrv", "kerberos", "nebula", "bareos-storage", "etcd-client", "freeipa-ldaps", "tentacle", "condor-collector", "pop3", "kube-scheduler", "snmptls", "ftp", "need-for-speed-most-wanted", "audit", "zero-k", "freeipa-ldap", "gpsd", "0-AD", "ceph-exporter", "bacula-client", "snmp", "dds-unicast", "minidlna", "bittorrent-lsd", "ws-discovery", "xmpp-server", "samba", "kube-controller-manager", "memcache", "kshell", "privoxy", "netdata-dashboard", "kadmin", "pmproxy", "minecraft", "ipp-client", "dds", "smtp-submission", "mqtt", "ovirt-vmconsole", "ganglia-client", "supertuxkart", "freeipa-4", "kubelet-worker", "docker-registry", "ircs", "wsmans", "ps2link", "ipsec", "salt-master", "foreman-proxy", "stronghold-crusader", "cockpit", "prometheus", "terraria", "git", "ws-discovery-tcp", "spideroak-lansync", "ident", "tor-socks", "kprop", "bareos-filedaemon", "kdeconnect", "submission", "kube-controller-manager-secure", "kube-scheduler-secure", "https", "ssdp", "redis", "factorio", "dhcpv6-client", "dns-over-tls", "bitcoin-rpc", "RH-Satellite-6-capsule", "dds-multicast", "ovirt-storageconsole" ], "zones": [ "FedoraWorkstation", "block", "public", "external", "drop", "nm-shared", "FedoraServer", "internal", "work", "trusted", "home", "dmz" ] }, "default_zone": "public" } } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.450) 0:00:15.834 ********* ok: [managed_node1] => { "ansible_facts": { "firewall_config": { "custom": { "services": { "custom": { "description": "", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "", "source_ports": [], "version": "" } }, "zones": { "public": { "description": "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "dhcpv6-client", "https" ], "short": "Public", "source_ports": [], "sources": [], "target": "default", "version": "" } } }, "default": { "helpers": [ "irc", "netbios-ns", "amanda", "sane", "sip", "tftp", "Q.931", "RAS", "proto-gre", "pptp", "h323", "ftp", "snmp" ], "icmptypes": [ "tos-host-redirect", "fragmentation-needed", "host-redirect", "required-option-missing", "unknown-option", "router-advertisement", "ip-header-bad", "source-route-failed", "address-unreachable", "network-unknown", "network-redirect", "redirect", "reject-route", "mld-listener-done", "packet-too-big", "precedence-cutoff", "protocol-unreachable", "communication-prohibited", "no-route", "host-precedence-violation", "source-quench", "port-unreachable", "time-exceeded", "mld-listener-report", "echo-request", "unknown-header-type", "mld-listener-query", "bad-header", "parameter-problem", "beyond-scope", "host-unreachable", "host-unknown", "mld2-listener-report", "router-solicitation", "timestamp-reply", "tos-network-unreachable", "network-unreachable", "timestamp-request", "ttl-zero-during-transit", "host-prohibited", "destination-unreachable", "tos-network-redirect", "failed-policy", "echo-reply", "network-prohibited", "tos-host-unreachable", "ttl-zero-during-reassembly", "neighbour-advertisement", "neighbour-solicitation" ], "policies": [ "allow-host-ipv6" ], "services": [ "xmpp-client", "dropbox-lansync", "dns-over-quic", "sips", "bb", "zabbix-web-service", "cfengine", "pmwebapis", "finger", "ausweisapp2", "jenkins", "irc", "nbd", "svdrp", "netbios-ns", "mqtt-tls", "bgp", "wsman", "foreman", "llmnr-tcp", "afp", "ldaps", "wireguard", "dhcp", "zabbix-agent", "managesieve", "checkmk-agent", "pulseaudio", "ptp", "proxy-dhcp", "xdmcp", "smtp", "steam-streaming", "xmpp-bosh", "nfs3", "xmpp-local", "rpc-bind", "grafana", "ceph-mon", "llmnr-client", "high-availability", "kube-control-plane", "snmptrap", "zabbix-java-gateway", "sane", "pop3s", "zerotier", "libvirt-tls", "zabbix-server", "libvirt", "mssql", "mountd", "sip", "pmwebapi", "imaps", "puppetmaster", "gre", "nmea-0183", "ipfs", "ipp", "kubelet", "upnp-client", "openvpn", "galera", "dns", "svn", "opentelemetry", "etcd-server", "syslog-tls", "ldap", "samba-client", "nrpe", "ms-wbt", "bitcoin", "tftp", "mosh", "synergy", "freeipa-replication", "bitcoin-testnet-rpc", "rtsp", "kube-nodeport-services", "syncthing-relay", "alvr", "docker-swarm", "kube-api", "postgresql", "freeipa-trust", "bacula", "kube-control-plane-secure", "tile38", "anno-1800", "zabbix-trapper", "prometheus-node-exporter", "rsyncd", "quassel", "syscomlan", "ws-discovery-udp", "klogin", "syslog", "bitcoin-testnet", "dhcpv6", "warpinator", "squid", "samba-dc", "vdsm", "civilization-v", "statsrv", "ceph", "iscsi-target", "radius", "tinc", "rdp", "anno-1602", "ganglia-master", "vnc-server", "collectd", "RH-Satellite-6", "kube-worker", "nfs", "syncthing-gui", "imap", "llmnr", "distcc", "lightning-network", "vrrp", "civilization-iv", "matrix", "wbem-https", "transmission-client", "pmcd", "kibana", "ssh", "smtps", "ntp", "ws-discovery-client", "snmptls-trap", "slp", "nut", "murmur", "cratedb", "spotify-sync", "amqps", "plex", "telnet", "rsh", "wbem-http", "amqp", "kubelet-readonly", "mysql", "http", "llmnr-udp", "mdns", "apcupsd", "kpasswd", "http3", "settlers-history-collection", "bareos-director", "amanda-k5-client", "elasticsearch", "ctdb", "syncthing", "ovirt-imageio", "mongodb", "isns", "rquotad", "amanda-client", "redis-sentinel", "kube-apiserver", "stellaris", "ps3netsrv", "kerberos", "nebula", "bareos-storage", "etcd-client", "freeipa-ldaps", "tentacle", "condor-collector", "pop3", "kube-scheduler", "snmptls", "ftp", "need-for-speed-most-wanted", "audit", "zero-k", "freeipa-ldap", "gpsd", "0-AD", "ceph-exporter", "bacula-client", "snmp", "dds-unicast", "minidlna", "bittorrent-lsd", "ws-discovery", "xmpp-server", "samba", "kube-controller-manager", "memcache", "kshell", "privoxy", "netdata-dashboard", "kadmin", "pmproxy", "minecraft", "ipp-client", "dds", "smtp-submission", "mqtt", "ovirt-vmconsole", "ganglia-client", "supertuxkart", "freeipa-4", "kubelet-worker", "docker-registry", "ircs", "wsmans", "ps2link", "ipsec", "salt-master", "foreman-proxy", "stronghold-crusader", "cockpit", "prometheus", "terraria", "git", "ws-discovery-tcp", "spideroak-lansync", "ident", "tor-socks", "kprop", "bareos-filedaemon", "kdeconnect", "submission", "kube-controller-manager-secure", "kube-scheduler-secure", "https", "ssdp", "redis", "factorio", "dhcpv6-client", "dns-over-tls", "bitcoin-rpc", "RH-Satellite-6-capsule", "dds-multicast", "ovirt-storageconsole" ], "zones": [ "FedoraWorkstation", "block", "public", "external", "drop", "nm-shared", "FedoraServer", "internal", "work", "trusted", "home", "dmz" ] }, "default_zone": "public" } }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.032) 0:00:15.867 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.020) 0:00:15.887 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.017) 0:00:15.905 ********* skipping: [managed_node1] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Fail if firewall_config not changed] ************************************* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:69 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.020) 0:00:15.925 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall_config == __previous_firewall_config", "skip_reason": "Conditional result was False" } TASK [Fail if config defaults changed] ***************************************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:76 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.013) 0:00:15.939 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall_config.default != __previous_firewall_config.default", "skip_reason": "Conditional result was False" } TASK [Fail if custom config unchanged] ***************************************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:81 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.015) 0:00:15.954 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "'custom' not in firewall_config or 'zones' not in firewall_config.custom or 'services' not in firewall_config.custom", "skip_reason": "Conditional result was False" } TASK [Store previous firewall_config] ****************************************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:89 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.013) 0:00:15.968 ********* ok: [managed_node1] => { "censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result", "changed": false } TASK [Get firewall_config with detailed on] ************************************ task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:96 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.020) 0:00:15.988 ********* included: fedora.linux_system_roles.firewall for managed_node1 TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.065) 0:00:16.054 ********* included: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for managed_node1 TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.024) 0:00:16.079 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.021) 0:00:16.101 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.017) 0:00:16.119 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if transactional-update exists in /sbin] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:22 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.019) 0:00:16.138 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_transactional is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag if transactional-update exists] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:27 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.017) 0:00:16.156 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_transactional is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:31 Saturday 27 July 2024 02:27:08 -0400 (0:00:00.017) 0:00:16.173 ********* ok: [managed_node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Notify user that reboot is needed to apply changes] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:43 Saturday 27 July 2024 02:27:09 -0400 (0:00:01.313) 0:00:17.487 ********* skipping: [managed_node1] => { "false_condition": "__firewall_is_transactional | d(false)" } TASK [fedora.linux_system_roles.firewall : Reboot transactional update systems] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:48 Saturday 27 July 2024 02:27:09 -0400 (0:00:00.023) 0:00:17.510 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_is_transactional | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Fail if reboot is needed and not set] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:53 Saturday 27 July 2024 02:27:09 -0400 (0:00:00.024) 0:00:17.535 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_is_transactional | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 27 July 2024 02:27:09 -0400 (0:00:00.019) 0:00:17.554 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 27 July 2024 02:27:09 -0400 (0:00:00.019) 0:00:17.574 ********* skipping: [managed_node1] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 27 July 2024 02:27:09 -0400 (0:00:00.025) 0:00:17.599 ********* ok: [managed_node1] => { "changed": false, "name": "firewalld", "status": { "AccessSELinuxContext": "system_u:object_r:firewalld_unit_file_t:s0", "ActiveEnterTimestamp": "Sat 2024-07-27 02:19:20 EDT", "ActiveEnterTimestampMonotonic": "305170350", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target dbus.socket dbus-broker.service sysinit.target polkit.service", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-07-27 02:19:18 EDT", "AssertTimestampMonotonic": "303370926", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "13533201000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ConditionTimestampMonotonic": "303370923", "ConfigurationDirectoryMode": "0755", "Conflicts": "ip6tables.service nftables.service shutdown.target ipset.service iptables.service ebtables.service", "ControlGroup": "/system.slice/firewalld.service", "ControlGroupId": "5236", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DropInPaths": "/usr/lib/systemd/system/service.d/10-timeout-abort.conf", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "2253", "ExecMainStartTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ExecMainStartTimestampMonotonic": "303377085", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2024-07-27 02:19:18 EDT", "InactiveExitTimestampMonotonic": "303377328", "InvocationID": "00a6abfca41b4462b19b428e9e3a7565", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14725", "LimitNPROCSoft": "14725", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14725", "LimitSIGPENDINGSoft": "14725", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "2253", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "3270291456", "MemoryCurrent": "41132032", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "42455040", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "0", "MemorySwapMax": "infinity", "MemorySwapPeak": "0", "MemoryZSwapCurrent": "0", "MemoryZSwapMax": "infinity", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "100ms", "RestartUSecNext": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestamp": "Sat 2024-07-27 02:22:50 EDT", "StateChangeTimestampMonotonic": "515277532", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "5", "TasksMax": "4417", "TimeoutAbortUSec": "45s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "45s", "TimeoutStopFailureMode": "abort", "TimeoutStopUSec": "45s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 27 July 2024 02:27:10 -0400 (0:00:00.548) 0:00:18.147 ********* ok: [managed_node1] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "AccessSELinuxContext": "system_u:object_r:firewalld_unit_file_t:s0", "ActiveEnterTimestamp": "Sat 2024-07-27 02:19:20 EDT", "ActiveEnterTimestampMonotonic": "305170350", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target dbus.socket dbus-broker.service sysinit.target polkit.service", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-07-27 02:19:18 EDT", "AssertTimestampMonotonic": "303370926", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "13533201000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ConditionTimestampMonotonic": "303370923", "ConfigurationDirectoryMode": "0755", "Conflicts": "ip6tables.service nftables.service shutdown.target ipset.service iptables.service ebtables.service", "ControlGroup": "/system.slice/firewalld.service", "ControlGroupId": "5236", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DropInPaths": "/usr/lib/systemd/system/service.d/10-timeout-abort.conf", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "2253", "ExecMainStartTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ExecMainStartTimestampMonotonic": "303377085", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2024-07-27 02:19:18 EDT", "InactiveExitTimestampMonotonic": "303377328", "InvocationID": "00a6abfca41b4462b19b428e9e3a7565", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14725", "LimitNPROCSoft": "14725", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14725", "LimitSIGPENDINGSoft": "14725", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "2253", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "3275804672", "MemoryCurrent": "41132032", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "42455040", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "0", "MemorySwapMax": "infinity", "MemorySwapPeak": "0", "MemoryZSwapCurrent": "0", "MemoryZSwapMax": "infinity", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "100ms", "RestartUSecNext": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestamp": "Sat 2024-07-27 02:22:50 EDT", "StateChangeTimestampMonotonic": "515277532", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "5", "TasksMax": "4417", "TimeoutAbortUSec": "45s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "45s", "TimeoutStopFailureMode": "abort", "TimeoutStopUSec": "45s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 27 July 2024 02:27:10 -0400 (0:00:00.546) 0:00:18.694 ********* ok: [managed_node1] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python3.12", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 27 July 2024 02:27:10 -0400 (0:00:00.031) 0:00:18.725 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 27 July 2024 02:27:11 -0400 (0:00:00.018) 0:00:18.744 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 27 July 2024 02:27:11 -0400 (0:00:00.018) 0:00:18.762 ********* skipping: [managed_node1] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 27 July 2024 02:27:11 -0400 (0:00:00.026) 0:00:18.788 ********* ok: [managed_node1] => (item={'detailed': True}) => { "ansible_loop_var": "item", "changed": false, "firewall_config": { "custom": { "services": { "custom": { "description": "", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "", "source_ports": [], "version": "" } }, "zones": { "public": { "description": "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "dhcpv6-client", "https" ], "short": "Public", "source_ports": [], "sources": [], "target": "default", "version": "" } } }, "default": { "helpers": { "Q.931": { "description": "", "family": "", "module": "nf_conntrack_h323", "port": [ [ "1720", "tcp" ] ], "short": "", "version": "" }, "RAS": { "description": "", "family": "", "module": "nf_conntrack_h323", "port": [ [ "1719", "udp" ] ], "short": "", "version": "" }, "amanda": { "description": "", "family": "", "module": "nf_conntrack_amanda", "port": [ [ "10080", "udp" ] ], "short": "", "version": "" }, "ftp": { "description": "", "family": "", "module": "nf_conntrack_ftp", "port": [ [ "21", "tcp" ] ], "short": "", "version": "" }, "h323": { "description": "", "family": "", "module": "nf_conntrack_h323", "port": [], "short": "", "version": "" }, "irc": { "description": "", "family": "ipv4", "module": "nf_conntrack_irc", "port": [ [ "194", "tcp" ] ], "short": "", "version": "" }, "netbios-ns": { "description": "", "family": "ipv4", "module": "nf_conntrack_netbios_ns", "port": [ [ "137", "udp" ] ], "short": "", "version": "" }, "pptp": { "description": "", "family": "ipv4", "module": "nf_conntrack_pptp", "port": [ [ "1723", "tcp" ] ], "short": "", "version": "" }, "proto-gre": { "description": "", "family": "", "module": "nf_conntrack_proto_gre", "port": [], "short": "", "version": "" }, "sane": { "description": "", "family": "", "module": "nf_conntrack_sane", "port": [ [ "6566", "tcp" ] ], "short": "", "version": "" }, "sip": { "description": "", "family": "", "module": "nf_conntrack_sip", "port": [ [ "5060", "tcp" ], [ "5060", "udp" ] ], "short": "", "version": "" }, "snmp": { "description": "", "family": "ipv4", "module": "nf_conntrack_snmp", "port": [ [ "161", "udp" ] ], "short": "", "version": "" }, "tftp": { "description": "", "family": "", "module": "nf_conntrack_tftp", "port": [ [ "69", "udp" ] ], "short": "", "version": "" } }, "icmptypes": { "address-unreachable": { "description": "This error message is generated by a router, or by the IPv6 layer in the originating node, in response to a packet that cannot be delivered to its destination address for reasons other than congestion.", "destination": [ "ipv6" ], "short": "Address Unreachable", "version": "" }, "bad-header": { "description": "This error message is created if there has been an error in the header of a packet.", "destination": [ "ipv6" ], "short": "Bad Header", "version": "" }, "beyond-scope": { "description": "This error message is sent if transmitting a package would cross a zone boundary of the scope of the source address.", "destination": [ "ipv6" ], "short": "Beyond Scope", "version": "" }, "communication-prohibited": { "description": "This error message is sent if communication with destination administratively prohibited.", "destination": [ "ipv4", "ipv6" ], "short": "Communication Prohibited", "version": "" }, "destination-unreachable": { "description": "This error message is generated by a host or gateway if the destination is not reachable.", "destination": [], "short": "Destination Unreachable", "version": "" }, "echo-reply": { "description": "This message is the answer to an Echo Request.", "destination": [], "short": "Echo Reply (pong)", "version": "" }, "echo-request": { "description": "This message is used to test if a host is reachable mostly with the ping utility.", "destination": [], "short": "Echo Request (ping)", "version": "" }, "failed-policy": { "description": "This error message is generated if the source address failed ingress/egress policy.", "destination": [ "ipv6" ], "short": "Failed Policy", "version": "" }, "fragmentation-needed": { "description": "This error message is sent if fragmentation is required, and Don not Fragment (DF) flag is set.", "destination": [ "ipv4" ], "short": "Fragmentation Needed", "version": "" }, "host-precedence-violation": { "description": "This error message is sent if the communication administratively prohibited.", "destination": [ "ipv4" ], "short": "Host Precedence Violation", "version": "" }, "host-prohibited": { "description": "This error message is sent if access from a host administratively prohibited.", "destination": [ "ipv4" ], "short": "Host Prohibited", "version": "" }, "host-redirect": { "description": "This message is sent if the datagram is redirected for the host.", "destination": [ "ipv4" ], "short": "Host Redirect", "version": "" }, "host-unknown": { "description": "This error message is sent if the destination host is unknown.", "destination": [ "ipv4" ], "short": "Host Unknown", "version": "" }, "host-unreachable": { "description": "This error message is sent if the destination host is unreachable.", "destination": [ "ipv4" ], "short": "Host Unreachable", "version": "" }, "ip-header-bad": { "description": "This error message is sent if the IP header is bad.", "destination": [ "ipv4" ], "short": "Ip Header Bad", "version": "" }, "mld-listener-done": { "description": "ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Done (type 132) (RFC 4890 section 4.4.1). Also known as mld-listener-reduction to nft.", "destination": [ "ipv6" ], "short": "MLD Listener Done", "version": "" }, "mld-listener-query": { "description": "ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Query (type 130) (RFC 4890 section 4.4.1).", "destination": [ "ipv6" ], "short": "MLD Listener Query", "version": "" }, "mld-listener-report": { "description": "ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Report (type 131) (RFC 4890 section 4.4.1).", "destination": [ "ipv6" ], "short": "MLD Listener Report", "version": "" }, "mld2-listener-report": { "description": "ICMPv6 Link-Local Multicast Listener Discovery (MDLv2) of type Multicast Listener Report (type 143) (RFC 4890 section 4.4.1).", "destination": [ "ipv6" ], "short": "MLDv2 Multicast Listener Report", "version": "" }, "neighbour-advertisement": { "description": "This informational message is sent in response to a neighbour-solicitation message in order to (unreliably) propagate new information quickly.", "destination": [ "ipv6" ], "short": "Neighbour Advertisement (Neighbor Advertisement)", "version": "" }, "neighbour-solicitation": { "description": "This informational message is sent by a node to determine the link-layer address of a neighbor, or to verify that a neighbor is still reachable via a cached link-layer address. Neighbor Solicitations are also used for Duplicate Address Detection.", "destination": [ "ipv6" ], "short": "Neighbour Solicitation (Neighbor Solicitation)", "version": "" }, "network-prohibited": { "description": "This message is sent if the network is administratively prohibited.", "destination": [ "ipv4" ], "short": "Network Prohibited", "version": "" }, "network-redirect": { "description": "This message is sent if the datagram is redirected for the network.", "destination": [ "ipv4" ], "short": "Network Redirect", "version": "" }, "network-unknown": { "description": "This message is sent if the destination network is unknown.", "destination": [ "ipv4" ], "short": "Network Unknown", "version": "" }, "network-unreachable": { "description": "This message is sent if the destination network is unreachable.", "destination": [ "ipv4" ], "short": "Network Unreachable", "version": "" }, "no-route": { "description": "This error message is set if there is no route to the destination.", "destination": [ "ipv6" ], "short": "No Route", "version": "" }, "packet-too-big": { "description": "This error message is sent by a router in response to a packet that it cannot forward because the packet is larger than the MTU of the outgoing link.", "destination": [ "ipv6" ], "short": "Packet Too Big", "version": "" }, "parameter-problem": { "description": "This error message is generated if the IP header is bad, either by a missing option or bad length.", "destination": [], "short": "Parameter Problem", "version": "" }, "port-unreachable": { "description": "This error message is sent if the port unreachable.", "destination": [ "ipv4", "ipv6" ], "short": "Port Unreachable", "version": "" }, "precedence-cutoff": { "description": "This message is sent if the precedence is lower than the required minimum.", "destination": [ "ipv4" ], "short": "Precedence Cutoff", "version": "" }, "protocol-unreachable": { "description": "This message is sent if the destination protocol is unreachable.", "destination": [ "ipv4" ], "short": "Protocol Unreachable", "version": "" }, "redirect": { "description": "This error message informs a host to send packets on another route.", "destination": [], "short": "Redirect", "version": "" }, "reject-route": { "description": "This error message is sent if the route to destination is rejected.", "destination": [ "ipv6" ], "short": "Reject Route", "version": "" }, "required-option-missing": { "description": "This message is sent if a required option is missing.", "destination": [ "ipv4" ], "short": "Required Option Missing", "version": "" }, "router-advertisement": { "description": "This message is used by routers to periodically announce the IP address of a multicast interface.", "destination": [], "short": "Router Advertisement", "version": "" }, "router-solicitation": { "description": "This message is used by a host attached to a multicast link to request a Router Advertisement.", "destination": [], "short": "Router Solicitation", "version": "" }, "source-quench": { "description": "This error message is generated to tell a host to reduce the pace at which it is sending packets.", "destination": [ "ipv4" ], "short": "Source Quench", "version": "" }, "source-route-failed": { "description": "This message is sent if the source route has failed.", "destination": [ "ipv4" ], "short": "Source Route Failed", "version": "" }, "time-exceeded": { "description": "This error message is generated if the time-to-live was exceeded either of a packet or of the reassembling of a fragmented packet.", "destination": [], "short": "Time Exceeded", "version": "" }, "timestamp-reply": { "description": "This message is used to reply to a timestamp message.", "destination": [ "ipv4" ], "short": "Timestamp Reply", "version": "" }, "timestamp-request": { "description": "This message is used for time synchronization.", "destination": [ "ipv4" ], "short": "Timestamp Request", "version": "" }, "tos-host-redirect": { "description": "This message is the datagram is redirected for the type of service and host.", "destination": [ "ipv4" ], "short": "TOS Host Redirect", "version": "" }, "tos-host-unreachable": { "description": "This message is sent if the host is unreachable for the type of service.", "destination": [ "ipv4" ], "short": "TOS Host Unreachable", "version": "" }, "tos-network-redirect": { "description": "This message is sent if the datagram is redirected for the type of service and network.", "destination": [ "ipv4" ], "short": "TOS Network Redirect", "version": "" }, "tos-network-unreachable": { "description": "This error message is sent if the network is unreachable for the type of service.", "destination": [ "ipv4" ], "short": "TOS Network Unreachable", "version": "" }, "ttl-zero-during-reassembly": { "description": "This error message is sent if a host fails to reassemble a fragmented datagram within its time limit.", "destination": [ "ipv4", "ipv6" ], "short": "TTL Zero During Reassembly", "version": "" }, "ttl-zero-during-transit": { "description": "This error message is sent if the time to live exceeded in transit.", "destination": [ "ipv4", "ipv6" ], "short": "TTL Zero During Transit", "version": "" }, "unknown-header-type": { "description": "This error message is sent if an unrecognized Next Header type encountered.", "destination": [ "ipv6" ], "short": "Unknown Header Type", "version": "" }, "unknown-option": { "description": "This error message is sent if an unrecognized IPv6 option encountered.", "destination": [ "ipv6" ], "short": "Unknown Option", "version": "" } }, "policies": { "allow-host-ipv6": { "description": "Allows basic IPv6 functionality for the host running firewalld.", "egress_zones": [ "HOST" ], "forward_ports": [], "icmp_blocks": [], "ingress_zones": [ "ANY" ], "masquerade": false, "ports": [], "priority": -15000, "protocols": [], "rich_rules": [ "rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept", "rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept", "rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept", "rule family=\"ipv6\" icmp-type name=\"redirect\" accept" ], "services": [], "short": "Allow host IPv6", "source_ports": [], "target": "CONTINUE", "version": "" } }, "services": { "0-AD": { "description": " 0 A.D. is a real-time strategy (RTS) game of ancient warfare. It's a historically-based war/economy game that allows players to relive or rewrite the history of thirteen ancient civilizations, each depicted at their peak of economic growth and military prowess. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "20595", "udp" ] ], "protocols": [], "short": "0 A.D.", "source_ports": [], "version": "" }, "RH-Satellite-6": { "description": "Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.", "destination": {}, "helpers": [], "includes": [ "foreman" ], "modules": [], "ports": [ [ "5000", "tcp" ], [ "5646-5647", "tcp" ], [ "5671", "tcp" ], [ "8000", "tcp" ], [ "8080", "tcp" ], [ "9090", "tcp" ] ], "protocols": [], "short": "Red Hat Satellite 6", "source_ports": [], "version": "" }, "RH-Satellite-6-capsule": { "description": "Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.", "destination": {}, "helpers": [], "includes": [ "RH-Satellite-6" ], "modules": [], "ports": [ [ "8443", "tcp" ] ], "protocols": [], "short": "Red Hat Satellite 6 Capsule", "source_ports": [], "version": "" }, "afp": { "description": "The Apple Filing Protocol (AFP), formerly AppleTalk Filing Protocol, is a proprietary network protocol, and part of the Apple File Service (AFS), that offers file services for macOS and the classic Mac OS.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "548", "tcp" ] ], "protocols": [], "short": "AFP", "source_ports": [], "version": "" }, "alvr": { "description": "ALVR is an open source remote VR display which allows playing SteamVR games on a standalone headset such as Gear VR or Oculus Go/Quest.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9943-9944", "tcp" ], [ "9943-9944", "udp" ] ], "protocols": [], "short": "Stream VR games from your PC to your headset via Wi-Fi", "source_ports": [], "version": "" }, "amanda-client": { "description": "The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful.", "destination": {}, "helpers": [ "amanda" ], "includes": [], "modules": [], "ports": [ [ "10080", "udp" ], [ "10080", "tcp" ] ], "protocols": [], "short": "Amanda Backup Client", "source_ports": [], "version": "" }, "amanda-k5-client": { "description": "The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful. This service specifically allows krb5 authentication", "destination": {}, "helpers": [ "amanda" ], "includes": [], "modules": [], "ports": [ [ "10082", "tcp" ] ], "protocols": [], "short": "Amanda Backup Client (kerberized)", "source_ports": [], "version": "" }, "amqp": { "description": "The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5672", "tcp" ] ], "protocols": [], "short": "amqp", "source_ports": [], "version": "" }, "amqps": { "description": "The Advanced Message Queuing Protocol (AMQP) over SSL is an open standard application layer protocol for message-oriented middleware.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5671", "tcp" ] ], "protocols": [], "short": "amqps", "source_ports": [], "version": "" }, "anno-1602": { "description": " Anno 1602 is a construction and management video game. Set in the early modern period, it requires the player to build colonies on small islands and manage resources, exploration, diplomacy and trade. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "47624", "tcp" ], [ "2300-2400", "tcp" ], [ "2300-2400", "udp" ] ], "protocols": [], "short": "Anno 1602", "source_ports": [], "version": "" }, "anno-1800": { "description": " Anno 1800 - Lead the Industrial Revolution! Welcome to the dawn of the Industrial Age. The path you choose will define your world. Are you an innovator or an exploiter? A conqueror or a liberator? How the world remembers your name is up to you. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "18000", "udp" ] ], "protocols": [], "short": "Anno 1800", "source_ports": [], "version": "" }, "apcupsd": { "description": "The American Power Conversion (APC) uninterruptible power supply (UPS) daemon protocol allows to monitor and control APC UPS devices.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3551", "tcp" ] ], "protocols": [], "short": "apcupsd", "source_ports": [], "version": "" }, "audit": { "description": "The Linux Audit subsystem is used to log security events. Enable this option, if you plan to aggregate audit events to/from a remote server/client.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "60", "tcp" ] ], "protocols": [], "short": "Audit", "source_ports": [], "version": "" }, "ausweisapp2": { "description": "AusweisApp2 is an official government application to provide electronic identification services (eID) in conjunction with an approved electronic identification document such as the german nPA. In order to use your Smartphone as a card reader enable this service.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "24727", "udp" ] ], "protocols": [], "short": "AusweisApp2", "source_ports": [], "version": "1.17.1" }, "bacula": { "description": "Bacula is a network backup solution. Enable this option, if you plan to provide Bacula backup, file and storage services.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9101", "tcp" ], [ "9102", "tcp" ], [ "9103", "tcp" ] ], "protocols": [], "short": "Bacula", "source_ports": [], "version": "" }, "bacula-client": { "description": "This option allows a Bacula server to connect to the local machine to schedule backups. You need the bacula-client package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9102", "tcp" ] ], "protocols": [], "short": "Bacula Client", "source_ports": [], "version": "" }, "bareos-director": { "description": "This option allows connections to a local Bareos Director. These connections are typically initiated by Bareos consoles (bconsole). Bareos WebUI and Bareos File Daemon (when using Client Initiated Connections).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9101", "tcp" ] ], "protocols": [], "short": "Bareos Director Daemon (bareos-dir)", "source_ports": [], "version": "" }, "bareos-filedaemon": { "description": "This option allows a Bareos Director to connect to the local Bareos File Daemon.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9102", "tcp" ] ], "protocols": [], "short": "Bareos File Daemon (bareos-fd)", "source_ports": [], "version": "" }, "bareos-storage": { "description": "This option allows Bareos Director and File Daemons to connect to the local Bareos Storage Daemon to send/receive data and manage volumes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9103", "tcp" ] ], "protocols": [], "short": "Bareos Storage Daemon (bareos-sd)", "source_ports": [], "version": "" }, "bb": { "description": "Big Brother is a plain text protocol for sending and receiving client data, reports, and queries to a BB-compatible monitoring server or proxy. The standard IANA port for a listening Big Brother service is 1984, because of course it is.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1984", "tcp" ], [ "1984", "udp" ] ], "protocols": [], "short": "Big Brother", "source_ports": [], "version": "" }, "bgp": { "description": "Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "179", "tcp" ] ], "protocols": [], "short": "BGP service listen", "source_ports": [], "version": "" }, "bitcoin": { "description": "The default port used by Bitcoin. Enable this option if you plan to be a full Bitcoin node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8333", "tcp" ] ], "protocols": [], "short": "Bitcoin", "source_ports": [], "version": "" }, "bitcoin-rpc": { "description": "Enable this option if you need access to the Bitcoin RPC interface. This is not required when connecting on localhost.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8332", "tcp" ] ], "protocols": [], "short": "Bitcoin RPC", "source_ports": [], "version": "" }, "bitcoin-testnet": { "description": "The default port used by Bitcoin testnet. Enable this option if you plan to be a Bitcoin full node on the test network.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "18333", "tcp" ] ], "protocols": [], "short": "Bitcoin testnet", "source_ports": [], "version": "" }, "bitcoin-testnet-rpc": { "description": "Enable this option if you need access to the Bitcoin RPC interface running on the testnet. This is not required when connecting on localhost.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "18332", "tcp" ] ], "protocols": [], "short": "Bitcoin testnet RPC", "source_ports": [], "version": "" }, "bittorrent-lsd": { "description": "Local Peer Discovery is a protocol designed to support the discovery of BitTorrent peers on a local area network. Enable this service if you run a BitTorrent client.", "destination": { "ipv4": "239.192.152.143", "ipv6": "ff15::efc0:988f" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6771", "udp" ] ], "protocols": [], "short": "BitTorrent Local Peer Discovery (LSD)", "source_ports": [], "version": "" }, "ceph": { "description": "Ceph is a distributed object store and file system. Enable this option to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS), or Manager Daemons (MGR).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6800-7568", "tcp" ] ], "protocols": [], "short": "ceph", "source_ports": [], "version": "" }, "ceph-exporter": { "description": "The Prometheus module running on Ceph manager to expose metrics.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9283", "tcp" ] ], "protocols": [], "short": "ceph-exporter", "source_ports": [], "version": "" }, "ceph-mon": { "description": "Ceph is a distributed object store and file system. Enable this option to support Ceph's Monitor Daemon.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3300", "tcp" ], [ "6789", "tcp" ] ], "protocols": [], "short": "ceph-mon", "source_ports": [], "version": "" }, "cfengine": { "description": "CFEngine server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5308", "tcp" ] ], "protocols": [], "short": "CFEngine", "source_ports": [], "version": "" }, "checkmk-agent": { "description": "The checkmk monitoring agent runs on clients to provide detailed host state.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6556", "tcp" ] ], "protocols": [], "short": "checkmk agent", "source_ports": [], "version": "" }, "civilization-iv": { "description": " Civilization IV is a 4X turn-based strategy computer game and the fourth installment of the Civilization series. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2033", "tcp" ], [ "2056", "tcp" ], [ "3783", "tcp" ], [ "6500", "tcp" ], [ "6667", "tcp" ], [ "28900", "tcp" ], [ "29900-29901", "tcp" ], [ "2033", "udp" ], [ "2302-2400", "udp" ], [ "6500", "udp" ], [ "6515", "udp" ], [ "13139", "udp" ], [ "27900", "udp" ] ], "protocols": [], "short": "Sid Meier's Civilization IV", "source_ports": [], "version": "" }, "civilization-v": { "description": " Become Ruler of the World by establishing and leading a civilization from the dawn of man into the space age: Wage war, conduct diplomacy, discover new technologies, go head-to-head with some of history’s greatest leaders and build the most powerful empire the world has ever known. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1745", "tcp" ], [ "1795", "tcp" ], [ "3074", "tcp" ], [ "27015-27030", "tcp" ], [ "27036-27037", "tcp" ], [ "1745", "udp" ], [ "1795", "udp" ], [ "3064", "udp" ], [ "3074", "udp" ], [ "4380", "udp" ], [ "27000-27031", "udp" ], [ "27036", "udp" ] ], "protocols": [], "short": "Sid Meier's Civilization V", "source_ports": [], "version": "" }, "cockpit": { "description": "Cockpit lets you access and configure your server remotely.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9090", "tcp" ] ], "protocols": [], "short": "Cockpit", "source_ports": [], "version": "" }, "collectd": { "description": "Collectd is a monitoring system that allows metrics to be sent over the network. This rule allows incoming collectd traffic from remote boxes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "25826", "udp" ] ], "protocols": [], "short": "Collectd", "source_ports": [], "version": "" }, "condor-collector": { "description": "The HT Condor Collector is needed to organize the condor worker nodes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9618", "tcp" ] ], "protocols": [], "short": "HT Condor Collector", "source_ports": [], "version": "" }, "cratedb": { "description": "CrateDB is a distributed SQL database management system that integrates a fully searchable document oriented data store.", "destination": {}, "helpers": [], "includes": [ "postgresql" ], "modules": [], "ports": [ [ "4200", "tcp" ], [ "4300", "tcp" ] ], "protocols": [], "short": "CrateDB", "source_ports": [], "version": "" }, "ctdb": { "description": "CTDB is a cluster implementation of the TDB database used by Samba and other projects to store temporary data.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4379", "tcp" ], [ "4379", "udp" ] ], "protocols": [], "short": "CTDB", "source_ports": [], "version": "" }, "dds": { "description": "Open Management Group (OMG) Data Distribution Service (DDS) is protocol supporting various applications. It is usally found in control systems. This is the unicast and multicast service for domains with ID 0 through 10 and maximal possible applications (120). Please see https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through for details.", "destination": {}, "helpers": [], "includes": [ "dds-multicast", "dds-unicast" ], "modules": [], "ports": [], "protocols": [], "short": "OMG DDS", "source_ports": [], "version": "" }, "dds-multicast": { "description": "Open Management Group (OMG) Data Distribution Service (DDS) is protocol supporting various applications. It is usally found in control systems. This is the unicast service for domains with ID 0 to 10 and maximal possible applications (120). Please see https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through for details.", "destination": { "ipv4": "239.255.0.1" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "7400-7401", "udp" ], [ "7650-7651", "udp" ], [ "7900-7901", "udp" ], [ "8150-8151", "udp" ], [ "8400-8401", "udp" ], [ "8650-8651", "udp" ], [ "8900-8901", "udp" ], [ "9150-9151", "udp" ], [ "9400-9401", "udp" ], [ "9650-9651", "udp" ], [ "9900-9901", "udp" ] ], "protocols": [], "short": "OMG DDS", "source_ports": [], "version": "" }, "dds-unicast": { "description": "Open Management Group (OMG) Data Distribution Service (DDS) is protocol supporting various applications. It is usally found in control systems. This is the unicast service for domains with ID 0 ito 10 and maximal possible applications (120). Please see https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through for details.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "7402-7649", "udp" ], [ "7652-7899", "udp" ], [ "7902-8149", "udp" ], [ "8152-8339", "udp" ], [ "8402-8649", "udp" ], [ "8652-8899", "udp" ], [ "8902-9149", "udp" ], [ "9152-9339", "udp" ], [ "9402-9649", "udp" ], [ "9652-9899", "udp" ], [ "9902-10149", "udp" ] ], "protocols": [], "short": "OMG DDS", "source_ports": [], "version": "" }, "dhcp": { "description": "This allows a DHCP server to accept messages from DHCP clients and relay agents.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "67", "udp" ] ], "protocols": [], "short": "DHCP", "source_ports": [], "version": "" }, "dhcpv6": { "description": "This allows a DHCPv6 server to accept messages from DHCPv6 clients and relay agents.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "547", "udp" ] ], "protocols": [], "short": "DHCPv6", "source_ports": [], "version": "" }, "dhcpv6-client": { "description": "This option allows a DHCP for IPv6 (DHCPv6) client to obtain addresses and other IPv6 settings from DHCPv6 server.", "destination": { "ipv6": "fe80::/64" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "546", "udp" ] ], "protocols": [], "short": "DHCPv6 Client", "source_ports": [], "version": "" }, "distcc": { "description": "Distcc is a protocol used for distributed compilation.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3632", "tcp" ] ], "protocols": [], "short": "distcc", "source_ports": [], "version": "" }, "dns": { "description": "The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "53", "tcp" ], [ "53", "udp" ] ], "protocols": [], "short": "DNS", "source_ports": [], "version": "" }, "dns-over-quic": { "description": "DNS over QUIC (DoQ) is a protocol that combines the security and performance benefits of the QUIC transport protocol with DNS operations, providing encrypted, faster, and more resilient domain name resolution (rfc9250).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "853", "udp" ] ], "protocols": [], "short": "DNS over QUIC", "source_ports": [], "version": "" }, "dns-over-tls": { "description": "DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "853", "tcp" ] ], "protocols": [], "short": "DNS over TLS", "source_ports": [], "version": "" }, "docker-registry": { "description": "Docker Registry is the protocol used to serve Docker images. If you plan to make your Docker Registry server publicly available, enable this option. This option is not required for developing Docker images locally.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5000", "tcp" ] ], "protocols": [], "short": "Docker Registry", "source_ports": [], "version": "" }, "docker-swarm": { "description": "Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2377", "tcp" ], [ "7946", "tcp" ], [ "7946", "udp" ], [ "4789", "udp" ] ], "protocols": [ "esp" ], "short": "Docker integrated swarm mode", "source_ports": [], "version": "" }, "dropbox-lansync": { "description": "Dropbox LAN sync", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "17500", "udp" ], [ "17500", "tcp" ] ], "protocols": [], "short": "dropboxlansync", "source_ports": [], "version": "1.0" }, "elasticsearch": { "description": "Elasticsearch is a distributed, open source search and analytics engine, designed for horizontal scalability, reliability, and easy management.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9300", "tcp" ], [ "9200", "tcp" ] ], "protocols": [], "short": "Elasticsearch", "source_ports": [], "version": "" }, "etcd-client": { "description": "etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the client side port.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2379", "tcp" ] ], "protocols": [], "short": "etcd Client", "source_ports": [], "version": "" }, "etcd-server": { "description": "etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the server side port.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2380", "tcp" ] ], "protocols": [], "short": "etcd Server", "source_ports": [], "version": "" }, "factorio": { "description": " Factorio is a game about building and creating automated factories to produce items of increasing complexity, within an infinite 2D world. Use your imagination to design your factory, combine simple elements into ingenious structures, and finally protect it from the creatures who don't really like you. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "34197", "udp" ] ], "protocols": [], "short": "Factorio", "source_ports": [], "version": "" }, "finger": { "description": "Finger is a protocol for obtaining information about users on remote hosts.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "79", "tcp" ] ], "protocols": [], "short": "finger", "source_ports": [], "version": "" }, "foreman": { "description": "Foreman is a complete lifecycle management tool for physical and virtual servers.", "destination": {}, "helpers": [], "includes": [ "dns", "http", "https", "dhcp", "tftp" ], "modules": [], "ports": [ [ "68", "udp" ], [ "8140", "tcp" ] ], "protocols": [], "short": "foreman", "source_ports": [], "version": "" }, "foreman-proxy": { "description": "The Smart Proxy is a project which provides a restful API to various sub-systems.", "destination": {}, "helpers": [], "includes": [ "foreman" ], "modules": [], "ports": [ [ "8443", "tcp" ] ], "protocols": [], "short": "foreman-proxy", "source_ports": [], "version": "" }, "freeipa-4": { "description": "FreeIPA is an integrated identity and authentication solution with Kerberos, LDAP, PKI, and web UI. Enable this option if you plan to provide a FreeIPA server. Enable the 'dns' service if this FreeIPA server provides DNS services, 'ntp' service if this FreeIPA server provides NTP services, and 'freeipa-trust' for cross-forest trusts with Active Directory.", "destination": {}, "helpers": [], "includes": [ "http", "https", "kerberos", "kpasswd", "ldap", "ldaps" ], "modules": [], "ports": [], "protocols": [], "short": "FreeIPA 4 server", "source_ports": [], "version": "" }, "freeipa-ldap": { "description": "This service is deprecated. Please use freeipa-4 service instead.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "80", "tcp" ], [ "443", "tcp" ], [ "88", "tcp" ], [ "88", "udp" ], [ "464", "tcp" ], [ "464", "udp" ], [ "123", "udp" ], [ "389", "tcp" ] ], "protocols": [], "short": "FreeIPA with LDAP (deprecated)", "source_ports": [], "version": "" }, "freeipa-ldaps": { "description": "This service is deprecated. Please use freeipa-4 service instead.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "80", "tcp" ], [ "443", "tcp" ], [ "88", "tcp" ], [ "88", "udp" ], [ "464", "tcp" ], [ "464", "udp" ], [ "123", "udp" ], [ "636", "tcp" ] ], "protocols": [], "short": "FreeIPA with LDAPS (deprecated)", "source_ports": [], "version": "" }, "freeipa-replication": { "description": "This service is deprecated. Please use freeipa-4 service instead.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "7389", "tcp" ] ], "protocols": [], "short": "FreeIPA replication (deprecated)", "source_ports": [], "version": "" }, "freeipa-trust": { "description": "FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option of you plan to deploy cross-forest trusts with FreeIPA and Active Directory", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "135", "tcp" ], [ "138-139", "tcp" ], [ "138-139", "udp" ], [ "389", "tcp" ], [ "389", "udp" ], [ "445", "tcp" ], [ "445", "udp" ], [ "49152-65535", "tcp" ], [ "3268", "tcp" ] ], "protocols": [], "short": "FreeIPA trust setup", "source_ports": [], "version": "" }, "ftp": { "description": "FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.", "destination": {}, "helpers": [ "ftp" ], "includes": [], "modules": [], "ports": [ [ "21", "tcp" ] ], "protocols": [], "short": "FTP", "source_ports": [], "version": "" }, "galera": { "description": "MariaDB-Galera Database Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3306", "tcp" ], [ "4567", "tcp" ], [ "4568", "tcp" ], [ "4444", "tcp" ] ], "protocols": [], "short": "Galera", "source_ports": [], "version": "" }, "ganglia-client": { "description": "Ganglia monitoring daemon", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8660", "tcp" ] ], "protocols": [], "short": "ganglia-client", "source_ports": [], "version": "" }, "ganglia-master": { "description": "Ganglia collector", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8651", "tcp" ] ], "protocols": [], "short": "ganglia-master", "source_ports": [], "version": "" }, "git": { "description": "The git daemon for supporting git:// access to git repositories.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9418", "tcp" ] ], "protocols": [], "short": "git", "source_ports": [], "version": "" }, "gpsd": { "description": "gpsd is a service daemon that monitors one or more GPSes or AIS receivers attached to a host computer through serial or USB ports, making all data on the location/course/velocity of the sensors available to be queried on TCP port 2947 of the host computer.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2947", "tcp" ] ], "protocols": [], "short": "gpsd", "source_ports": [], "version": "" }, "grafana": { "description": "Grafana is an open platform for beautiful analytics and monitoring", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3000", "tcp" ] ], "protocols": [], "short": "grafana", "source_ports": [], "version": "" }, "gre": { "description": "", "destination": {}, "helpers": [ "proto-gre" ], "includes": [], "modules": [], "ports": [], "protocols": [ "gre" ], "short": "", "source_ports": [], "version": "" }, "high-availability": { "description": "This allows you to use the Red Hat High Availability (previously named Red Hat Cluster Suite). Ports are opened for corosync, pcsd, pacemaker_remote, dlm and corosync-qnetd.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2224", "tcp" ], [ "3121", "tcp" ], [ "5403", "tcp" ], [ "5404", "udp" ], [ "5405-5412", "udp" ], [ "9929", "tcp" ], [ "9929", "udp" ], [ "21064", "tcp" ] ], "protocols": [], "short": "Red Hat High Availability", "source_ports": [], "version": "" }, "http": { "description": "HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "80", "tcp" ] ], "protocols": [], "short": "WWW (HTTP)", "source_ports": [], "version": "" }, "http3": { "description": "HTTP/3 is a protocol used to serve Web pages that uses QUIC as the transport protocol. If you plan to make your HTTP/3 compatible Web server publicly available, enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "443", "udp" ] ], "protocols": [], "short": "WWW (HTTP/3)", "source_ports": [], "version": "" }, "https": { "description": "HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "443", "tcp" ] ], "protocols": [], "short": "Secure WWW (HTTPS)", "source_ports": [], "version": "" }, "ident": { "description": "The Identification Protocol as specified in RFC 1413, which is used to determine the identity of a user of a particular TCP connection.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "113", "tcp" ] ], "protocols": [], "short": "Ident Protocol", "source_ports": [], "version": "" }, "imap": { "description": "The Internet Message Access Protocol(IMAP) allows a local client to access email on a remote server. If you plan to provide a IMAP service (e.g. with dovecot), enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "143", "tcp" ] ], "protocols": [], "short": "IMAP", "source_ports": [], "version": "" }, "imaps": { "description": "The Internet Message Access Protocol over SSL (IMAPs) allows a local client to access email on a remote server in a secure way. If you plan to provide a IMAP over SSL service (e.g. with dovecot), enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "993", "tcp" ] ], "protocols": [], "short": "IMAP over SSL", "source_ports": [], "version": "" }, "ipfs": { "description": "The InterPlanetary File System (IPFS) is a peer-to-peer hypermedia protocol designed to make the web faster, safer, and more open", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4001", "tcp" ], [ "4001", "udp" ] ], "protocols": [], "short": "IPFS", "source_ports": [], "version": "" }, "ipp": { "description": "The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over tcp) provides the ability to share printers over the network. Enable this option if you plan to share printers via cups over the network.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "631", "tcp" ], [ "631", "udp" ] ], "protocols": [], "short": "Network Printing Server (IPP)", "source_ports": [], "version": "" }, "ipp-client": { "description": "The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over udp) provides the ability to get information about a printer (e.g. capability and status) and to control printer jobs. If you plan to use a remote network printer via cups, do not disable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "631", "udp" ] ], "protocols": [], "short": "Network Printing Client (IPP)", "source_ports": [], "version": "" }, "ipsec": { "description": "Internet Protocol Security (IPsec) is the standardized IETF VPN architecture defined in RFC 4301. IPsec is negotiated using the IKEv1 (RFC 2409) or IKEv2 (RFC 7296) protocol, which in itself uses encryption and authentication. IPsec provides Internet Protocol (IP) packet encryption and authentication. Both IKE and IPsec can be encapsulated in UDP (RFC 3948) or TCP (RFC 8229 to make it easier to traverse NAT. Enabling this service will enable IKE, IPsec and their encapsulation protocols and ports. Note that IKE and IPsec can also be configured to use non-default ports, but this is not common practice.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "500", "udp" ], [ "4500", "udp" ], [ "4500", "tcp" ] ], "protocols": [ "ah", "esp" ], "short": "IPsec", "source_ports": [], "version": "" }, "irc": { "description": "An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6667", "tcp" ] ], "protocols": [], "short": "IRC", "source_ports": [], "version": "" }, "ircs": { "description": "An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6697", "tcp" ] ], "protocols": [], "short": "IRC TLS/SSL", "source_ports": [], "version": "" }, "iscsi-target": { "description": "Internet SCSI target is a storage resource located on an iSCSI server.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3260", "tcp" ], [ "3260", "udp" ] ], "protocols": [], "short": "iSCSI target", "source_ports": [], "version": "" }, "isns": { "description": "The Internet Storage Name Service (iSNS) is a protocol that allows automated discovery, management and configuration of iSCSI and Fibre Channel devices on a TCP/IP network.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3205", "tcp" ], [ "3205", "udp" ] ], "protocols": [], "short": "iSNS", "source_ports": [], "version": "" }, "jenkins": { "description": "Jenkins is an open source automation server written in Java.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8080", "tcp" ] ], "protocols": [], "short": "jenkins", "source_ports": [], "version": "" }, "kadmin": { "description": "Kerberos Administration Protocol", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "749", "tcp" ] ], "protocols": [], "short": "kadmin", "source_ports": [], "version": "" }, "kdeconnect": { "description": "KDE Connect is an application to connect your phone to your computer.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1714-1764", "tcp" ], [ "1714-1764", "udp" ] ], "protocols": [], "short": "KDE Connect", "source_ports": [], "version": "" }, "kerberos": { "description": "Kerberos network authentication protocol server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "88", "tcp" ], [ "88", "udp" ] ], "protocols": [], "short": "Kerberos", "source_ports": [], "version": "" }, "kibana": { "description": "Kibana is an open source data visualization platform that allows you to interact with your data through stunning, powerful graphics that can be combined into custom dashboards that help you share insights from your data far and wide.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5601", "tcp" ] ], "protocols": [], "short": "Kibana", "source_ports": [], "version": "" }, "klogin": { "description": "The kerberized rlogin server accepts BSD-style rlogin sessions, but uses Kerberos 5 authentication.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "543", "tcp" ] ], "protocols": [], "short": "klogin", "source_ports": [], "version": "" }, "kpasswd": { "description": "Kerberos password (Kpasswd) server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "464", "tcp" ], [ "464", "udp" ] ], "protocols": [], "short": "Kpasswd", "source_ports": [], "version": "" }, "kprop": { "description": "Kerberos KDC Propagation Protocol", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "754", "tcp" ] ], "protocols": [], "short": "kprop", "source_ports": [], "version": "" }, "kshell": { "description": "Kerberized rshell server accepts rshell commands authenticated and encrypted with Kerberos 5", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "544", "tcp" ] ], "protocols": [], "short": "kshell", "source_ports": [], "version": "" }, "kube-api": { "description": "Backwards compatibility after service renaming", "destination": {}, "helpers": [], "includes": [ "kubelet" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Kubelet", "source_ports": [], "version": "" }, "kube-apiserver": { "description": "The Kubernetes API server validates and configures data for the api objects which include pods, services, replicationcontrollers, and others.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6443", "tcp" ] ], "protocols": [], "short": "Kubernetes Api Server", "source_ports": [], "version": "" }, "kube-control-plane": { "description": "The Kubernetes Control-plane Node runs all the services of the Kubernetes Control Plane. This includes kube-apiserver, etcd, kube-schedule, kube-controller-manager, cloud-controller-manager, and others", "destination": {}, "helpers": [], "includes": [ "etcd-client", "etcd-server", "kube-apiserver", "kube-controller-manager", "kube-scheduler" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Control-plane Node", "source_ports": [], "version": "" }, "kube-control-plane-secure": { "description": "The Kubernetes Control-plane Node runs all the services of the Kubernetes Control Plane. This includes kube-apiserver, etcd, kube-schedule, kube-controller-manager, cloud-controller-manager, and others", "destination": {}, "helpers": [], "includes": [ "etcd-client", "etcd-server", "kube-apiserver", "kube-controller-manager-secure", "kube-scheduler-secure" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Control-plane Node - secure", "source_ports": [], "version": "" }, "kube-controller-manager": { "description": "The Kubernetes controller manager is a daemon that embeds the core control loops shipped with Kubernetes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10252", "tcp" ] ], "protocols": [], "short": "Kubernetes Controller Manager", "source_ports": [], "version": "" }, "kube-controller-manager-secure": { "description": "The Kubernetes controller manager is a daemon that embeds the core control loops shipped with Kubernetes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10257", "tcp" ] ], "protocols": [], "short": "Kubernetes Controller Manager - Secure", "source_ports": [], "version": "" }, "kube-nodeport-services": { "description": "Services of type NodePort expose a port on each worker", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "30000-32767", "tcp" ] ], "protocols": [], "short": "Kubernetes Kubelet", "source_ports": [], "version": "" }, "kube-scheduler": { "description": "The Kubernetes scheduler is a policy-rich, topology-aware, workload-specific function that significantly impacts availability, performance, and capacity.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10251", "tcp" ] ], "protocols": [], "short": "Kubernetes Scheduler", "source_ports": [], "version": "" }, "kube-scheduler-secure": { "description": "The Kubernetes scheduler is a policy-rich, topology-aware, workload-specific function that significantly impacts availability, performance, and capacity.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10259", "tcp" ] ], "protocols": [], "short": "Kubernetes Scheduler - secure", "source_ports": [], "version": "" }, "kube-worker": { "description": "The Kubernetes Worker Node runs some (or sometimes all) of the workloads of the Kubernetes cluster. There might be NodoPort services associated with these workloads.", "destination": {}, "helpers": [], "includes": [ "kubelet", "kube-nodeport-services" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Worker Node", "source_ports": [], "version": "" }, "kubelet": { "description": "The kubelet API is used to communicate between kube-scheduler and the node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10250", "tcp" ] ], "protocols": [], "short": "Kubernetes Kubelet", "source_ports": [], "version": "" }, "kubelet-readonly": { "description": "The kubelet API is used to communicate between kube-scheduler and the node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10255", "tcp" ] ], "protocols": [], "short": "Kubernetes Kubelet read", "source_ports": [], "version": "" }, "kubelet-worker": { "description": "Backwards compatibility after service renaming", "destination": {}, "helpers": [], "includes": [ "kube-worker" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Worker Node", "source_ports": [], "version": "" }, "ldap": { "description": "Lightweight Directory Access Protocol (LDAP) server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "389", "tcp" ] ], "protocols": [], "short": "LDAP", "source_ports": [], "version": "" }, "ldaps": { "description": "Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "636", "tcp" ] ], "protocols": [], "short": "LDAPS", "source_ports": [], "version": "" }, "libvirt": { "description": "Enable this option if you want to allow remote virtual machine management with SASL authentication and encryption (digest-md5 passwords or GSSAPI/Kerberos). The libvirtd service is needed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "16509", "tcp" ] ], "protocols": [], "short": "Virtual Machine Management", "source_ports": [], "version": "" }, "libvirt-tls": { "description": "Enable this option if you want to allow remote virtual machine management with TLS encryption, x509 certificates and optional SASL authentication. The libvirtd service is needed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "16514", "tcp" ] ], "protocols": [], "short": "Virtual Machine Management (TLS)", "source_ports": [], "version": "" }, "lightning-network": { "description": "The default port used by Lightning Network. Enable this option if you plan to be a Lightning Network node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9735", "tcp" ] ], "protocols": [], "short": "Lightning Network", "source_ports": [], "version": "" }, "llmnr": { "description": " Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service matches incoming queries; it will allow this host to be resolved by other hosts. In order to allow this host to resolve other hosts, use the llmnr-client service. ", "destination": {}, "helpers": [], "includes": [ "llmnr-tcp", "llmnr-udp" ], "modules": [], "ports": [], "protocols": [], "short": "LLMNR", "source_ports": [], "version": "" }, "llmnr-client": { "description": " Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service allows incoming LLMNR responses. Due to protocol details the service matches by source port and thus allows unsolicited responses. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "LLMNR Client", "source_ports": [ [ "5355", "udp" ] ], "version": "" }, "llmnr-tcp": { "description": " Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service matches incoming queries; it will allow this host to be resolved by other hosts. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5355", "tcp" ] ], "protocols": [], "short": "LLMNR (TCP)", "source_ports": [], "version": "" }, "llmnr-udp": { "description": " Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service matches incoming queries; it will allow this host to be resolved by other hosts. ", "destination": { "ipv4": "224.0.0.252", "ipv6": "ff02::1:3" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5355", "udp" ] ], "protocols": [], "short": "LLMNR (UDP)", "source_ports": [], "version": "" }, "managesieve": { "description": "The ManageSieve Protocol allows a local client to manage eMail sieve scripts on a remote server. If you plan to provide a ManageSieve service (e.g. with dovecot pigeonhole), enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4190", "tcp" ] ], "protocols": [], "short": "ManageSieve", "source_ports": [], "version": "" }, "matrix": { "description": "Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Port 443 is the 'client' port, whereas port 8448 is the Federation port. Federation is the process by which users on different servers can participate in the same room.", "destination": {}, "helpers": [], "includes": [ "https" ], "modules": [], "ports": [ [ "8448", "tcp" ] ], "protocols": [], "short": "Matrix", "source_ports": [], "version": "" }, "mdns": { "description": "mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option.", "destination": { "ipv4": "224.0.0.251", "ipv6": "ff02::fb" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5353", "udp" ] ], "protocols": [], "short": "Multicast DNS (mDNS)", "source_ports": [], "version": "" }, "memcache": { "description": "memcache is a high-performance object caching system.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "11211", "tcp" ], [ "11211", "udp" ] ], "protocols": [], "short": "memcache", "source_ports": [], "version": "" }, "minecraft": { "description": " Minecraft is a sandbox game developed by Mojang Studios. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "25565", "tcp" ], [ "25565", "udp" ] ], "protocols": [], "short": "Minecraft", "source_ports": [], "version": "" }, "minidlna": { "description": "MiniDLNA is a simple media server software with the aim to be fully compliant with DLNA/UPNP-AV clients. Enable this service if you run minidlna service.", "destination": {}, "helpers": [], "includes": [ "ssdp" ], "modules": [], "ports": [ [ "8200", "tcp" ] ], "protocols": [], "short": "MiniDLNA", "source_ports": [], "version": "" }, "mongodb": { "description": "MongoDB is a free and open-source cross-platform document-oriented database program.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "27017", "tcp" ] ], "protocols": [], "short": "mongodb", "source_ports": [], "version": "" }, "mosh": { "description": "Mosh is a remote terminal application that supports intermittent network connectivity, roaming to different IP address without dropping the connection, intelligent local echo and line editing to reduct the effects of \"network lag\" on high-latency connections.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "60000-61000", "udp" ] ], "protocols": [], "short": "Mobile shell that supports roaming and intelligent local echo.", "source_ports": [], "version": "" }, "mountd": { "description": "NFS Mount Lock Daemon", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "20048", "tcp" ], [ "20048", "udp" ] ], "protocols": [], "short": "mountd", "source_ports": [], "version": "" }, "mqtt": { "description": "The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol is unencrypted.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1883", "tcp" ] ], "protocols": [], "short": "mqtt", "source_ports": [], "version": "" }, "mqtt-tls": { "description": "The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol uses TLS encryption.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8883", "tcp" ] ], "protocols": [], "short": "mqtt-tls", "source_ports": [], "version": "" }, "ms-wbt": { "description": "Microsoft Windows-based Terminal Server", "destination": {}, "helpers": [], "includes": [ "rdp" ], "modules": [], "ports": [], "protocols": [], "short": "ms-wbt", "source_ports": [], "version": "" }, "mssql": { "description": "Microsoft SQL Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1433", "tcp" ] ], "protocols": [], "short": "mssql", "source_ports": [], "version": "" }, "murmur": { "description": "Murmur is the server of the Mumble VoIP chat system.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "64738", "tcp" ], [ "64738", "udp" ] ], "protocols": [], "short": "Murmur", "source_ports": [], "version": "" }, "mysql": { "description": "MySQL Database Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3306", "tcp" ] ], "protocols": [], "short": "MySQL", "source_ports": [], "version": "" }, "nbd": { "description": "Network Block Device (NBD) is a high-performance protocol for exporting disk images between machines.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10809", "tcp" ] ], "protocols": [], "short": "NBD", "source_ports": [], "version": "" }, "nebula": { "description": "Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. The port needs to be open if the host is set as lighthouse.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4242", "udp" ] ], "protocols": [], "short": "Nebula", "source_ports": [], "version": "" }, "need-for-speed-most-wanted": { "description": " Need for Speed: Most Wanted is a 2005 open-world racing video game, and the ninth installment in the Need for Speed series. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "13505", "tcp" ], [ "30900-30999", "tcp" ], [ "3658", "udp" ] ], "protocols": [], "short": "Need for Speed: Most Wanted", "source_ports": [], "version": "" }, "netbios-ns": { "description": "This allows you to find Windows (Samba) servers that share files and printers.", "destination": {}, "helpers": [ "netbios-ns" ], "includes": [], "modules": [], "ports": [ [ "137", "udp" ] ], "protocols": [], "short": "NetBIOS NS", "source_ports": [], "version": "" }, "netdata-dashboard": { "description": "Netdata dashboard is a place to view the results of the netdata monitoring agent", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "19999", "tcp" ] ], "protocols": [], "short": "Netdata Dashboard", "source_ports": [], "version": "" }, "nfs": { "description": "The NFS4 protocol is used to share files via TCP networking. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2049", "tcp" ] ], "protocols": [], "short": "NFS4", "source_ports": [], "version": "" }, "nfs3": { "description": "The NFS3 protocol is used to share files. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2049", "tcp" ], [ "2049", "udp" ] ], "protocols": [], "short": "NFS3", "source_ports": [], "version": "" }, "nmea-0183": { "description": "NMEA-0183 Navigational Data server for use with Global Navigation Satellite System (GNSS) devices.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10110", "tcp" ], [ "10110", "udp" ] ], "protocols": [], "short": "nmea-0183", "source_ports": [], "version": "" }, "nrpe": { "description": "NRPE allows you to execute Nagios plugins on a remote host in as transparent a manner as possible.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5666", "tcp" ] ], "protocols": [], "short": "NRPE", "source_ports": [], "version": "" }, "ntp": { "description": "The Network Time Protocol (NTP) allows to synchronize computers to a time server. Enable this option, if you are providing a NTP server. You need the ntp or chrony package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "123", "udp" ] ], "protocols": [], "short": "Network Time Protocol (NTP) Server", "source_ports": [], "version": "" }, "nut": { "description": "Network UPS Tools (NUT) is a protocol that allows to monitor and control power devices like uninterruptible power supplies.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3493", "tcp" ] ], "protocols": [], "short": "NUT", "source_ports": [], "version": "" }, "opentelemetry": { "description": "OpenTelemetry Protocol (OTLP) specification describes the encoding, transport, and delivery mechanism of telemetry data between telemetry sources, intermediate nodes such as collectors and telemetry backends.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4317", "tcp" ], [ "4318", "tcp" ] ], "protocols": [], "short": "OTLP", "source_ports": [], "version": "" }, "openvpn": { "description": "OpenVPN is a virtual private network (VPN) solution. It is used to create encrypted point-to-point tunnels between computers. If you plan to provide a VPN service, enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1194", "udp" ] ], "protocols": [], "short": "OpenVPN", "source_ports": [], "version": "" }, "ovirt-imageio": { "description": "oVirt Image I/O simplifies the workflow of introducing new oVirt images into the oVirt environment.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "54322", "tcp" ] ], "protocols": [], "short": "oVirt Image I/O", "source_ports": [], "version": "" }, "ovirt-storageconsole": { "description": "oVirt Storage Console is a web-based storage management platform specially designed to efficiently manage oVirt's storage-defined storage.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "55863", "tcp" ], [ "39543", "tcp" ] ], "protocols": [], "short": "oVirt Storage-Console", "source_ports": [], "version": "" }, "ovirt-vmconsole": { "description": "oVirt VM Consoles enables secure access to virtual machine serial console.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2223", "tcp" ] ], "protocols": [], "short": "oVirt VM Console", "source_ports": [], "version": "" }, "plex": { "description": "Plex Media Server (PMS) is the back-end media server component of Plex. It organizes content from personal media libraries and streams it to the network.", "destination": {}, "helpers": [], "includes": [ "ssdp" ], "modules": [], "ports": [ [ "32400", "tcp" ], [ "32400", "udp" ], [ "32469", "tcp" ], [ "3005", "tcp" ], [ "8324", "tcp" ], [ "32410", "udp" ], [ "32412", "udp" ], [ "32413", "udp" ], [ "32414", "udp" ] ], "protocols": [], "short": "PLEX", "source_ports": [], "version": "" }, "pmcd": { "description": "This option allows PCP (Performance Co-Pilot) monitoring. If you need to allow remote hosts to connect directly to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "44321", "tcp" ] ], "protocols": [], "short": "Performance metrics collector (pmcd)", "source_ports": [], "version": "" }, "pmproxy": { "description": "This option allows indirect PCP (Performance Co-Pilot) monitoring via a proxy. If you need to allow remote hosts to connect through your machine to monitor aspects of performance of one or more proxied hosts, enable this option. You need the pcp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "44322", "tcp" ] ], "protocols": [], "short": "Performance metrics proxy (pmproxy)", "source_ports": [], "version": "" }, "pmwebapi": { "description": "This option allows web clients to use PCP (Performance Co-Pilot) monitoring services. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "44323", "tcp" ] ], "protocols": [], "short": "Performance metrics web API (pmwebapi)", "source_ports": [], "version": "" }, "pmwebapis": { "description": "This option allows web clients to use PCP (Performance Co-Pilot) monitoring services over a secure connection. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, and you consider that information to be sensitive, enable this option. You need the pcp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "44324", "tcp" ] ], "protocols": [], "short": "Secure performance metrics web API (pmwebapis)", "source_ports": [], "version": "" }, "pop3": { "description": "The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "110", "tcp" ] ], "protocols": [], "short": "POP-3", "source_ports": [], "version": "" }, "pop3s": { "description": "The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "995", "tcp" ] ], "protocols": [], "short": "POP-3 over SSL", "source_ports": [], "version": "" }, "postgresql": { "description": "PostgreSQL Database Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5432", "tcp" ] ], "protocols": [], "short": "PostgreSQL", "source_ports": [], "version": "" }, "privoxy": { "description": "Privoxy is a web proxy for enhancing privacy by filtering web page content, managing cookies, controlling access, removing ads, banners, pop-ups and other obnoxious Internet junk. It does not cache web content. Enable this if you run Privoxy and would like to configure your web browser to browse the Internet via Privoxy.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8118", "tcp" ] ], "protocols": [], "short": "Privoxy - A Privacy Enhancing Proxy Server", "source_ports": [], "version": "" }, "prometheus": { "description": "The Prometheus monitoring system and time series database.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9090", "tcp" ] ], "protocols": [], "short": "prometheus", "source_ports": [], "version": "" }, "prometheus-node-exporter": { "description": "The node-exporter agent for Prometheus monitoring system.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9100", "tcp" ] ], "protocols": [], "short": "prometheus-node-exporter", "source_ports": [], "version": "" }, "proxy-dhcp": { "description": "PXE redirection service (Proxy DHCP) responds to PXE clients and provides redirection to PXE boot servers.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4011", "udp" ] ], "protocols": [], "short": "Proxy DHCP", "source_ports": [], "version": "" }, "ps2link": { "description": "ps2link is a protocol used for interacting with a PlayStation 2 system.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "18194", "udp" ], [ "18193", "tcp" ] ], "protocols": [], "short": "ps2link", "source_ports": [], "version": "" }, "ps3netsrv": { "description": "PS3 Network Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "38008", "tcp" ] ], "protocols": [], "short": "ps3netsrv", "source_ports": [], "version": "" }, "ptp": { "description": "The Precision Time Protocol (PTP) allows to synchronize computers to a time master. Enable this option, if you are providing a PTP master. You need the linuxptp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "319", "udp" ], [ "320", "udp" ] ], "protocols": [], "short": "Precision Time Protocol (PTP) Master", "source_ports": [], "version": "" }, "pulseaudio": { "description": "A PulseAudio server provides an ability to stream audio over network. You want to enable this service in case you are using module-native-protocol-tcp in the PulseAudio configuration. If you are using module-zeroconf-publish you want also enable mdns service.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4713", "tcp" ] ], "protocols": [], "short": "PulseAudio", "source_ports": [], "version": "" }, "puppetmaster": { "description": "Puppet is a network tool for managing many disparate systems. Puppet Master is a server which Puppet Agents pull their configurations from.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8140", "tcp" ] ], "protocols": [], "short": "Puppet Master", "source_ports": [], "version": "" }, "quassel": { "description": "Quassel is a distributed IRC client, meaning that one or more clients can attach to and detach from the central core.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4242", "tcp" ] ], "protocols": [], "short": "Quassel IRC", "source_ports": [], "version": "" }, "radius": { "description": "The Remote Authentication Dial In User Service (RADIUS) is a protocol for user authentication over networks. It is mostly used for modem, DSL or wireless user authentication. If you plan to provide a RADIUS service (e.g. with freeradius), enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1812", "tcp" ], [ "1812", "udp" ], [ "1813", "tcp" ], [ "1813", "udp" ] ], "protocols": [], "short": "RADIUS", "source_ports": [], "version": "" }, "rdp": { "description": "Microsoft's Remote Desktop Protocol", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3389", "tcp" ] ], "protocols": [], "short": "rdp", "source_ports": [], "version": "" }, "redis": { "description": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6379", "tcp" ] ], "protocols": [], "short": "redis", "source_ports": [], "version": "" }, "redis-sentinel": { "description": "Redis Sentinel provides high availability for Redis.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "26379", "tcp" ] ], "protocols": [], "short": "redis-sentinel", "source_ports": [], "version": "" }, "rpc-bind": { "description": "Remote Procedure Call Bind", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "111", "tcp" ], [ "111", "udp" ] ], "protocols": [], "short": "rpc-bind", "source_ports": [], "version": "" }, "rquotad": { "description": "Remote Quota Server Daemon", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "875", "tcp" ], [ "875", "udp" ] ], "protocols": [], "short": "rquotad", "source_ports": [], "version": "" }, "rsh": { "description": "Rsh is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling rsh is not recommended.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "514", "tcp" ] ], "protocols": [], "short": "rsh", "source_ports": [], "version": "" }, "rsyncd": { "description": "Rsync in daemon mode works as a central server, in order to house centralized files and keep them synchronized.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "873", "tcp" ], [ "873", "udp" ] ], "protocols": [], "short": "Rsync in daemon mode", "source_ports": [], "version": "" }, "rtsp": { "description": "The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "554", "tcp" ], [ "554", "udp" ] ], "protocols": [], "short": "RTSP", "source_ports": [], "version": "" }, "salt-master": { "description": "Salt is a protocol used for infrastructure management via a dynamic communication bus. These ports are required on the salt master node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4505", "tcp" ], [ "4506", "tcp" ] ], "protocols": [], "short": "Salt Master", "source_ports": [], "version": "" }, "samba": { "description": "This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [ "samba-client" ], "modules": [], "ports": [ [ "139", "tcp" ], [ "445", "tcp" ] ], "protocols": [], "short": "Samba", "source_ports": [], "version": "" }, "samba-client": { "description": "This option allows you to access Windows file and printer sharing networks. You need the samba-client package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [ "netbios-ns" ], "modules": [], "ports": [ [ "138", "udp" ] ], "protocols": [], "short": "Samba Client", "source_ports": [], "version": "" }, "samba-dc": { "description": "This option allows you to use this computer as a Samba Active Directory Domain Controller. You need the samba-dc package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [ "samba", "dns", "kerberos", "ldap", "ldaps", "kpasswd" ], "modules": [], "ports": [ [ "135", "tcp" ], [ "389", "udp" ], [ "49152-65535", "tcp" ], [ "3268", "tcp" ], [ "3269", "tcp" ] ], "protocols": [], "short": "Samba DC", "source_ports": [], "version": "" }, "sane": { "description": "The SANE (Scanner Access Now Easy) daemon allows remote clients to access image acquisition devices available on the local host.", "destination": {}, "helpers": [ "sane" ], "includes": [], "modules": [], "ports": [ [ "6566", "tcp" ] ], "protocols": [], "short": "SANE network daemon (saned)", "source_ports": [], "version": "" }, "settlers-history-collection": { "description": "The Settlers History Collection includes History Editions of all seven previous Settlers games, which includes gold versions of each game with all expansions.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1005", "udp" ], [ "1100", "udp" ], [ "3074", "udp" ], [ "6200", "udp" ], [ "6300", "udp" ] ], "protocols": [], "short": "The Settlers History Collection", "source_ports": [], "version": "" }, "sip": { "description": "The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling multimedia communication sessions. The most common applications of SIP are in Internet telephony for voice and video calls, as well as instant messaging, over Internet Protocol (IP) networks.", "destination": {}, "helpers": [ "sip" ], "includes": [], "modules": [], "ports": [ [ "5060", "tcp" ], [ "5060", "udp" ] ], "protocols": [], "short": "SIP", "source_ports": [], "version": "" }, "sips": { "description": "SIP-TLS is a modified SIP (Session Initiation Protocol) using TLS for secure signaling.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5061", "tcp" ], [ "5061", "udp" ] ], "protocols": [], "short": "SIP-TLS (SIPS)", "source_ports": [], "version": "" }, "slp": { "description": "The Service Location Protocol (SLP) is used for discovering services in a local network without prior configuration.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "427", "tcp" ], [ "427", "udp" ] ], "protocols": [], "short": "SLP", "source_ports": [], "version": "" }, "smtp": { "description": "This option allows incoming SMTP mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "25", "tcp" ] ], "protocols": [], "short": "Mail (SMTP)", "source_ports": [], "version": "" }, "smtp-submission": { "description": "This service is deprecated. Please use the \"submission\" service.", "destination": {}, "helpers": [], "includes": [ "submission" ], "modules": [], "ports": [], "protocols": [], "short": "Mail (SMTP-Submission)", "source_ports": [], "version": "" }, "smtps": { "description": "This option allows incoming SMTPs mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail in a secure way, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "465", "tcp" ] ], "protocols": [], "short": "Mail (SMTP over SSL)", "source_ports": [], "version": "" }, "snmp": { "description": "Simple Network Management Protocol is an \"Internet-standard protocol for managing devices on IP networks\". Enable this service if you run SNMP agent (server).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "161", "tcp" ], [ "161", "udp" ] ], "protocols": [], "short": "SNMP", "source_ports": [], "version": "" }, "snmptls": { "description": "Simple Network Management Protocol over TLS/DTLS is an \"Internet-standard protocol for managing devices on IP networks\" protected by TLS. Enable this service if you run SNMP agent (server).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10161", "tcp" ], [ "10161", "udp" ] ], "protocols": [], "short": "Secure SNMP (TLS)", "source_ports": [], "version": "" }, "snmptls-trap": { "description": "Secure SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message. This port is protected by TLS.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10162", "tcp" ], [ "10162", "udp" ] ], "protocols": [], "short": "Secure SNMPTRAP (TLS)", "source_ports": [], "version": "" }, "snmptrap": { "description": "SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "162", "tcp" ], [ "162", "udp" ] ], "protocols": [], "short": "SNMPTRAP", "source_ports": [], "version": "" }, "spideroak-lansync": { "description": "SpiderOak ONE is online backup and file hosting service that allows users to access, synchronize and share data using a cloud-based server. Enable this option if you use LAN-Sync option of SpiderOak.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "21327", "udp" ], [ "21328", "udp" ] ], "protocols": [], "short": "SpiderOak ONE LAN-Sync", "source_ports": [], "version": "" }, "spotify-sync": { "description": "The Spotify Client allows you to sync local music files with your phone.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "57621", "udp" ], [ "57621", "tcp" ] ], "protocols": [], "short": "Spotify Client Sync", "source_ports": [], "version": "" }, "squid": { "description": "Squid HTTP proxy server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3128", "tcp" ] ], "protocols": [], "short": "squid", "source_ports": [], "version": "" }, "ssdp": { "description": "The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet protocol suite for advertisement and discovery of network services and presence information.", "destination": { "ipv4": "239.255.255.250", "ipv6": "ff02::c" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1900", "udp" ] ], "protocols": [], "short": "Simple Service Discovery Protocol (SSDP)", "source_ports": [], "version": "" }, "ssh": { "description": "Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "22", "tcp" ] ], "protocols": [], "short": "SSH", "source_ports": [], "version": "" }, "statsrv": { "description": " Statistics Server protocol provides a way to give statistics about a system to the outside world. Defined in RFC-996", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "133", "tcp" ], [ "133", "udp" ] ], "protocols": [], "short": "Statistics Server", "source_ports": [], "version": "" }, "steam-streaming": { "description": "Steam in-home streaming allows you to play a game on one computer when the game process is actually running on another computer elsewhere in your home. Through Steam, game audio and video is captured on the remote computer and sent to the player's computer. The game input (keyboard, mouse or gamepad) is sent from the player's computer to the game process on the remote computer.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "27036", "tcp" ], [ "27037", "tcp" ], [ "27031-27036", "udp" ] ], "protocols": [], "short": "Steam In-Home Streaming", "source_ports": [], "version": "" }, "stellaris": { "description": " Explore a galaxy full of wonders in this sci-fi grand strategy game from Paradox Development Studios. Interact with diverse alien races, discover strange new worlds with unexpected events and expand the reach of your empire. Each new adventure holds almost limitless possibilities. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "17780-17785", "udp" ] ], "protocols": [], "short": "Stellaris", "source_ports": [], "version": "" }, "stronghold-crusader": { "description": " The highly anticipated sequel to the best-selling Stronghold, Stronghold Crusader (HD) throws you into historic battles and castle sieges from the Crusades with fiendish AI opponents, new units, 4 historical campaigns and over 100 unique skirmish missions. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2300-2400", "tcp" ], [ "47624", "tcp" ], [ "2300-2400", "udp" ] ], "protocols": [], "short": "Stronghold Crusader", "source_ports": [], "version": "" }, "submission": { "description": "Submission allows remote client users to submit mail using SMTP over port 587.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "587", "tcp" ] ], "protocols": [], "short": "Mail Submission", "source_ports": [], "version": "" }, "supertuxkart": { "description": " SuperTuxKart is a 3D open-source kart racing game. It aims towards fun for players of all skill levels, with item boxes giving random items, nitro, drifting and more. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2759", "tcp" ], [ "2759", "udp" ], [ "2757", "udp" ], [ "2757", "tcp" ] ], "protocols": [], "short": "SuperTuxKart", "source_ports": [], "version": "" }, "svdrp": { "description": "The Simple Video Disk Recorder Protocol (SVDRP) allows to control video disk recorder functionality.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6419", "tcp" ], [ "6419", "udp" ] ], "protocols": [], "short": "SVDRP", "source_ports": [], "version": "" }, "svn": { "description": "The custom, unencrypted protocol used the Subversion Version Control System.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3690", "tcp" ] ], "protocols": [], "short": "Subversion", "source_ports": [], "version": "" }, "syncthing": { "description": "Syncthing is a peer-to-peer file synchronization service. Enable this option, if you plan to run the Syncthing service.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "22000", "tcp" ], [ "22000", "udp" ], [ "21027", "udp" ] ], "protocols": [], "short": "Syncthing", "source_ports": [], "version": "" }, "syncthing-gui": { "description": "Enable this option in addition to the Syncthing option to allow traffic to the Syncthing web interface. (Be sure to secure it accordingly).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8384", "tcp" ] ], "protocols": [], "short": "Syncthing GUI", "source_ports": [], "version": "" }, "syncthing-relay": { "description": "Syncthing is a peer-to-peer file synchronization service. Only enable this option if you run a Syncthing relay server. This separate program (syncthing-relaysrv or relaysrv) is not needed for normal Syncthing usage.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "22067", "tcp" ], [ "22070", "tcp" ] ], "protocols": [], "short": "Syncthing Relay", "source_ports": [], "version": "" }, "synergy": { "description": "Synergy lets you easily share your mouse and keyboard between multiple computers, where each computer has its own display. No special hardware is required, all you need is a local area network. Synergy is supported on Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "24800", "tcp" ] ], "protocols": [], "short": "Synergy", "source_ports": [], "version": "" }, "syscomlan": { "description": "Local system communication", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1065", "tcp" ], [ "1065", "udp" ] ], "protocols": [], "short": "syscomlan", "source_ports": [], "version": "" }, "syslog": { "description": "Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "514", "udp" ] ], "protocols": [], "short": "syslog", "source_ports": [], "version": "" }, "syslog-tls": { "description": "Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server. Syslog-tls uses TLS encryption to protect the messages during transport.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6514", "tcp" ], [ "6514", "udp" ] ], "protocols": [], "short": "syslog-tls", "source_ports": [], "version": "" }, "telnet": { "description": "Telnet is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling telnet is not recommended. You need the telnet-server package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "23", "tcp" ] ], "protocols": [], "short": "Telnet", "source_ports": [], "version": "" }, "tentacle": { "description": "Tentacle is a protocol for monitoring computer networks. Pandora FMS is one server implementation.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "41121", "tcp" ] ], "protocols": [], "short": "tentacle", "source_ports": [], "version": "" }, "terraria": { "description": " Dig, fight, explore, build! Nothing is impossible in this action-packed adventure game. Four Pack also available! ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "7777", "tcp" ] ], "protocols": [], "short": "Terraria", "source_ports": [], "version": "" }, "tftp": { "description": "The Trivial File Transfer Protocol (TFTP) is a protocol used to transfer files to and from a remote machine in a simple way. It is normally used only for booting diskless workstations and also to transfer data in the Preboot eXecution Environment (PXE).", "destination": {}, "helpers": [ "tftp" ], "includes": [], "modules": [], "ports": [ [ "69", "udp" ] ], "protocols": [], "short": "TFTP", "source_ports": [], "version": "" }, "tile38": { "description": "Tile38 is a geospatial database, spatial index, and realtime geofence.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9851", "tcp" ] ], "protocols": [], "short": "tile38", "source_ports": [], "version": "" }, "tinc": { "description": "tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "655", "tcp" ], [ "655", "udp" ] ], "protocols": [], "short": "tinc VPN", "source_ports": [], "version": "" }, "tor-socks": { "description": "Tor enables online anonymity and censorship resistance by directing Internet traffic through a network of relays. It conceals user's location from anyone conducting network surveillance and traffic analysis. A user wishing to use Tor for anonymity can configure a program such as a web browser to direct traffic to a Tor client using its SOCKS proxy port. Enable this if you run Tor and would like to configure your web browser or other programs to channel their traffic through the Tor SOCKS proxy port. It is recommended that you make this service available only for your computer or your internal networks.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9050", "tcp" ] ], "protocols": [], "short": "Tor - SOCKS Proxy", "source_ports": [], "version": "" }, "transmission-client": { "description": "Transmission is a lightweight BitTorrent client.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "51413", "tcp" ], [ "51413", "udp" ] ], "protocols": [], "short": "Transmission", "source_ports": [], "version": "" }, "upnp-client": { "description": "Universal Plug and Play client for auto-configuration of network routers (use only in trusted zones).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "UPnP Client", "source_ports": [ [ "1900", "udp" ] ], "version": "" }, "vdsm": { "description": "The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "54321", "tcp" ], [ "5900-6923", "tcp" ], [ "49152-49216", "tcp" ] ], "protocols": [], "short": "oVirt's Virtual Desktop and Server Manager", "source_ports": [], "version": "" }, "vnc-server": { "description": "A VNC server provides an external accessible X session. Enable this option if you plan to provide a VNC server with direct access. The access will be possible for displays :0 to :3. If you plan to provide access with SSH, do not open this option and use the via option of the VNC viewer.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5900-5903", "tcp" ] ], "protocols": [], "short": "Virtual Network Computing Server (VNC)", "source_ports": [], "version": "" }, "vrrp": { "description": "VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN.", "destination": { "ipv4": "224.0.0.18", "ipv6": "FF02:0:0:0:0:0:0:12" }, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [ "112" ], "short": "Virtual Router Redundancy Protocol RFC3768 and RFC5798.", "source_ports": [], "version": "" }, "warpinator": { "description": "Warpinator is a file sharing app developed by Linux Mint. Warpinator allows you to send and receive files between computers that are on the same network without the need for any servers or special configuration.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "42000", "tcp" ], [ "42000", "udp" ], [ "42001", "tcp" ] ], "protocols": [], "short": "Warpinator", "source_ports": [], "version": "" }, "wbem-http": { "description": "Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments. This is the unencrypted protocol variant.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5988", "tcp" ] ], "protocols": [], "short": "wbem-http", "source_ports": [], "version": "" }, "wbem-https": { "description": "Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5989", "tcp" ] ], "protocols": [], "short": "wbem-https", "source_ports": [], "version": "" }, "wireguard": { "description": "WireGuard is the simple, fast and modern VPN. The port needs to be open if a peer has this host explicitly configured as endpoint.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "51820", "udp" ] ], "protocols": [], "short": "WireGuard", "source_ports": [], "version": "" }, "ws-discovery": { "description": "Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network.", "destination": {}, "helpers": [], "includes": [ "ws-discovery-tcp", "ws-discovery-udp" ], "modules": [], "ports": [], "protocols": [], "short": "WS-Discovery", "source_ports": [], "version": "" }, "ws-discovery-client": { "description": "Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network. Use only in trusted zones.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "WS-Discovery Client", "source_ports": [ [ "3702", "udp" ] ], "version": "" }, "ws-discovery-tcp": { "description": "Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3702", "tcp" ] ], "protocols": [], "short": "WS-Discovery (TCP)", "source_ports": [], "version": "" }, "ws-discovery-udp": { "description": "Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network.", "destination": { "ipv4": "239.255.255.250", "ipv6": "ff02::c" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3702", "udp" ] ], "protocols": [], "short": "WS-Discovery (UDP)", "source_ports": [], "version": "" }, "wsman": { "description": "Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol is unencrypted", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5985", "tcp" ] ], "protocols": [], "short": "wsman", "source_ports": [], "version": "" }, "wsmans": { "description": "Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol uses TLS encryption.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5986", "tcp" ] ], "protocols": [], "short": "wsmans", "source_ports": [], "version": "" }, "xdmcp": { "description": "The X Display Manager Control Protocol (XDMCP) allows to remotely log in to an X desktop environment from any X Window System compatible client.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "177", "tcp" ], [ "177", "udp" ] ], "protocols": [], "short": "XDMCP", "source_ports": [], "version": "" }, "xmpp-bosh": { "description": "Extensible Messaging and Presence Protocol (XMPP) web client protocol allows web based chat clients such as JWChat to connect to the XMPP (Jabber) server. This is also known as the Bidirectional-streams Over Synchronous HTTP (BOSH) protocol. Enable this if you run an XMPP (Jabber) server and you wish web clients to connect to your server.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5280", "tcp" ] ], "protocols": [], "short": "XMPP (Jabber) web client", "source_ports": [], "version": "" }, "xmpp-client": { "description": "Extensible Messaging and Presence Protocol (XMPP) client connection protocol allows XMPP (Jabber) clients such as Empathy, Pidgin, Kopete and Jitsi to connect to an XMPP (Jabber) server. Enable this if you run an XMPP (Jabber) server and you wish clients to be able to connect to the server and communicate with each other.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5222", "tcp" ] ], "protocols": [], "short": "XMPP (Jabber) client", "source_ports": [], "version": "" }, "xmpp-local": { "description": "Serverless XMPP-like communication over local networks based on zero-configuration networking.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5298", "tcp" ] ], "protocols": [], "short": "XMPP Link-Local Messaging", "source_ports": [], "version": "" }, "xmpp-server": { "description": "Extensible Messaging and Presence Protocol (XMPP) server connection protocols allows multiple XMPP (Jabber) servers to work in a federated fashion. Users on one server will be able to see the presence of and communicate with users on another servers. Enable this if you run an XMPP (Jabber) server and you wish users on your server to communicate with users on other XMPP servers.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5269", "tcp" ] ], "protocols": [], "short": "XMPP (Jabber) server", "source_ports": [], "version": "" }, "zabbix-agent": { "description": "Listen port used by Zabbix agents deployed on monitoring targets.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10050", "tcp" ] ], "protocols": [], "short": "Zabbix Agent", "source_ports": [], "version": "" }, "zabbix-java-gateway": { "description": "Listen port for Zabbix Java Gateway for monitoring Java applications over JMX.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10052", "tcp" ] ], "protocols": [], "short": "Zabbix Java Gateway", "source_ports": [], "version": "" }, "zabbix-server": { "description": "This is an alias for zabbix-trapper. This definition is deprecated in favor of zabbix-trapper.", "destination": {}, "helpers": [], "includes": [ "zabbix-trapper" ], "modules": [], "ports": [], "protocols": [], "short": "Zabbix Server", "source_ports": [], "version": "" }, "zabbix-trapper": { "description": "Trapper port to receive monitoring data used by the Zabbix server and Zabbix proxy.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10051", "tcp" ] ], "protocols": [], "short": "Zabbix Trapper", "source_ports": [], "version": "" }, "zabbix-web-service": { "description": "Listen port of Zabbix web service for receiving HTTP based reporting requests.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10053", "tcp" ] ], "protocols": [], "short": "Zabbix Web Service", "source_ports": [], "version": "" }, "zero-k": { "description": " With 100+ truly unique units, Zero-K is an RTS of freedom and creativity, tempered by a decade of refinement. Sculpt land into a castle and throw invaders off it with a Jugglenaut. Explore a massive campaign, solo or co-op. Hop online for epic 32 player battles or fast paced 1v1, on 100s of maps. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8452", "udp" ] ], "protocols": [], "short": "Zero-K", "source_ports": [], "version": "" }, "zerotier": { "description": "ZeroTier creates secure networks between on-premise, cloud, desktop, and mobile devices.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9993", "udp" ] ], "protocols": [], "short": "ZeroTier", "source_ports": [], "version": "" } }, "zones": { "FedoraServer": { "description": "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "dhcpv6-client", "cockpit" ], "short": "Public", "source_ports": [], "sources": [], "target": "default", "version": "" }, "FedoraWorkstation": { "description": "Unsolicited incoming network packets are rejected from port 1 to 1024, except for select network services. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [ [ "1025-65535", "udp" ], [ "1025-65535", "tcp" ] ], "protocols": [], "rules_str": [], "services": [ "dhcpv6-client", "ssh", "samba-client" ], "short": "Fedora Workstation", "source_ports": [], "sources": [], "target": "default", "version": "" }, "block": { "description": "Unsolicited incoming network packets are rejected. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [], "short": "Block", "source_ports": [], "sources": [], "target": "%%REJECT%%", "version": "" }, "dmz": { "description": "For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh" ], "short": "DMZ", "source_ports": [], "sources": [], "target": "default", "version": "" }, "drop": { "description": "Unsolicited incoming network packets are dropped. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [], "short": "Drop", "source_ports": [], "sources": [], "target": "DROP", "version": "" }, "external": { "description": "For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": true, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh" ], "short": "External", "source_ports": [], "sources": [], "target": "default", "version": "" }, "home": { "description": "For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "samba-client", "dhcpv6-client" ], "short": "Home", "source_ports": [], "sources": [], "target": "default", "version": "" }, "internal": { "description": "For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "samba-client", "dhcpv6-client" ], "short": "Internal", "source_ports": [], "sources": [], "target": "default", "version": "" }, "nm-shared": { "description": " This zone is used internally by NetworkManager when activating a profile that uses connection sharing and doesn't have an explicit firewall zone set. Block all traffic to the local machine except ICMP, ICMPv6, DHCP and DNS. Allow all forwarded traffic. Note that future package updates may change the definition of the zone unless you overwrite it with your own definition. ", "egress_priority": 0, "forward": false, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [ "icmp", "ipv6-icmp" ], "rules_str": [ "rule priority=\"32767\" reject" ], "services": [ "dhcp", "dns", "ssh" ], "short": "NetworkManager Shared", "source_ports": [], "sources": [], "target": "ACCEPT", "version": "" }, "public": { "description": "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "dhcpv6-client", "https" ], "short": "Public", "source_ports": [], "sources": [], "target": "default", "version": "" }, "trusted": { "description": "All network connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [], "short": "Trusted", "source_ports": [], "sources": [], "target": "ACCEPT", "version": "" }, "work": { "description": "For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "dhcpv6-client" ], "short": "Work", "source_ports": [], "sources": [], "target": "default", "version": "" } } }, "default_zone": "public" }, "item": { "detailed": true } } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 27 July 2024 02:27:13 -0400 (0:00:02.411) 0:00:21.200 ********* ok: [managed_node1] => { "ansible_facts": { "firewall_config": { "custom": { "services": { "custom": { "description": "", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "", "source_ports": [], "version": "" } }, "zones": { "public": { "description": "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "dhcpv6-client", "https" ], "short": "Public", "source_ports": [], "sources": [], "target": "default", "version": "" } } }, "default": { "helpers": { "Q.931": { "description": "", "family": "", "module": "nf_conntrack_h323", "port": [ [ "1720", "tcp" ] ], "short": "", "version": "" }, "RAS": { "description": "", "family": "", "module": "nf_conntrack_h323", "port": [ [ "1719", "udp" ] ], "short": "", "version": "" }, "amanda": { "description": "", "family": "", "module": "nf_conntrack_amanda", "port": [ [ "10080", "udp" ] ], "short": "", "version": "" }, "ftp": { "description": "", "family": "", "module": "nf_conntrack_ftp", "port": [ [ "21", "tcp" ] ], "short": "", "version": "" }, "h323": { "description": "", "family": "", "module": "nf_conntrack_h323", "port": [], "short": "", "version": "" }, "irc": { "description": "", "family": "ipv4", "module": "nf_conntrack_irc", "port": [ [ "194", "tcp" ] ], "short": "", "version": "" }, "netbios-ns": { "description": "", "family": "ipv4", "module": "nf_conntrack_netbios_ns", "port": [ [ "137", "udp" ] ], "short": "", "version": "" }, "pptp": { "description": "", "family": "ipv4", "module": "nf_conntrack_pptp", "port": [ [ "1723", "tcp" ] ], "short": "", "version": "" }, "proto-gre": { "description": "", "family": "", "module": "nf_conntrack_proto_gre", "port": [], "short": "", "version": "" }, "sane": { "description": "", "family": "", "module": "nf_conntrack_sane", "port": [ [ "6566", "tcp" ] ], "short": "", "version": "" }, "sip": { "description": "", "family": "", "module": "nf_conntrack_sip", "port": [ [ "5060", "tcp" ], [ "5060", "udp" ] ], "short": "", "version": "" }, "snmp": { "description": "", "family": "ipv4", "module": "nf_conntrack_snmp", "port": [ [ "161", "udp" ] ], "short": "", "version": "" }, "tftp": { "description": "", "family": "", "module": "nf_conntrack_tftp", "port": [ [ "69", "udp" ] ], "short": "", "version": "" } }, "icmptypes": { "address-unreachable": { "description": "This error message is generated by a router, or by the IPv6 layer in the originating node, in response to a packet that cannot be delivered to its destination address for reasons other than congestion.", "destination": [ "ipv6" ], "short": "Address Unreachable", "version": "" }, "bad-header": { "description": "This error message is created if there has been an error in the header of a packet.", "destination": [ "ipv6" ], "short": "Bad Header", "version": "" }, "beyond-scope": { "description": "This error message is sent if transmitting a package would cross a zone boundary of the scope of the source address.", "destination": [ "ipv6" ], "short": "Beyond Scope", "version": "" }, "communication-prohibited": { "description": "This error message is sent if communication with destination administratively prohibited.", "destination": [ "ipv4", "ipv6" ], "short": "Communication Prohibited", "version": "" }, "destination-unreachable": { "description": "This error message is generated by a host or gateway if the destination is not reachable.", "destination": [], "short": "Destination Unreachable", "version": "" }, "echo-reply": { "description": "This message is the answer to an Echo Request.", "destination": [], "short": "Echo Reply (pong)", "version": "" }, "echo-request": { "description": "This message is used to test if a host is reachable mostly with the ping utility.", "destination": [], "short": "Echo Request (ping)", "version": "" }, "failed-policy": { "description": "This error message is generated if the source address failed ingress/egress policy.", "destination": [ "ipv6" ], "short": "Failed Policy", "version": "" }, "fragmentation-needed": { "description": "This error message is sent if fragmentation is required, and Don not Fragment (DF) flag is set.", "destination": [ "ipv4" ], "short": "Fragmentation Needed", "version": "" }, "host-precedence-violation": { "description": "This error message is sent if the communication administratively prohibited.", "destination": [ "ipv4" ], "short": "Host Precedence Violation", "version": "" }, "host-prohibited": { "description": "This error message is sent if access from a host administratively prohibited.", "destination": [ "ipv4" ], "short": "Host Prohibited", "version": "" }, "host-redirect": { "description": "This message is sent if the datagram is redirected for the host.", "destination": [ "ipv4" ], "short": "Host Redirect", "version": "" }, "host-unknown": { "description": "This error message is sent if the destination host is unknown.", "destination": [ "ipv4" ], "short": "Host Unknown", "version": "" }, "host-unreachable": { "description": "This error message is sent if the destination host is unreachable.", "destination": [ "ipv4" ], "short": "Host Unreachable", "version": "" }, "ip-header-bad": { "description": "This error message is sent if the IP header is bad.", "destination": [ "ipv4" ], "short": "Ip Header Bad", "version": "" }, "mld-listener-done": { "description": "ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Done (type 132) (RFC 4890 section 4.4.1). Also known as mld-listener-reduction to nft.", "destination": [ "ipv6" ], "short": "MLD Listener Done", "version": "" }, "mld-listener-query": { "description": "ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Query (type 130) (RFC 4890 section 4.4.1).", "destination": [ "ipv6" ], "short": "MLD Listener Query", "version": "" }, "mld-listener-report": { "description": "ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Report (type 131) (RFC 4890 section 4.4.1).", "destination": [ "ipv6" ], "short": "MLD Listener Report", "version": "" }, "mld2-listener-report": { "description": "ICMPv6 Link-Local Multicast Listener Discovery (MDLv2) of type Multicast Listener Report (type 143) (RFC 4890 section 4.4.1).", "destination": [ "ipv6" ], "short": "MLDv2 Multicast Listener Report", "version": "" }, "neighbour-advertisement": { "description": "This informational message is sent in response to a neighbour-solicitation message in order to (unreliably) propagate new information quickly.", "destination": [ "ipv6" ], "short": "Neighbour Advertisement (Neighbor Advertisement)", "version": "" }, "neighbour-solicitation": { "description": "This informational message is sent by a node to determine the link-layer address of a neighbor, or to verify that a neighbor is still reachable via a cached link-layer address. Neighbor Solicitations are also used for Duplicate Address Detection.", "destination": [ "ipv6" ], "short": "Neighbour Solicitation (Neighbor Solicitation)", "version": "" }, "network-prohibited": { "description": "This message is sent if the network is administratively prohibited.", "destination": [ "ipv4" ], "short": "Network Prohibited", "version": "" }, "network-redirect": { "description": "This message is sent if the datagram is redirected for the network.", "destination": [ "ipv4" ], "short": "Network Redirect", "version": "" }, "network-unknown": { "description": "This message is sent if the destination network is unknown.", "destination": [ "ipv4" ], "short": "Network Unknown", "version": "" }, "network-unreachable": { "description": "This message is sent if the destination network is unreachable.", "destination": [ "ipv4" ], "short": "Network Unreachable", "version": "" }, "no-route": { "description": "This error message is set if there is no route to the destination.", "destination": [ "ipv6" ], "short": "No Route", "version": "" }, "packet-too-big": { "description": "This error message is sent by a router in response to a packet that it cannot forward because the packet is larger than the MTU of the outgoing link.", "destination": [ "ipv6" ], "short": "Packet Too Big", "version": "" }, "parameter-problem": { "description": "This error message is generated if the IP header is bad, either by a missing option or bad length.", "destination": [], "short": "Parameter Problem", "version": "" }, "port-unreachable": { "description": "This error message is sent if the port unreachable.", "destination": [ "ipv4", "ipv6" ], "short": "Port Unreachable", "version": "" }, "precedence-cutoff": { "description": "This message is sent if the precedence is lower than the required minimum.", "destination": [ "ipv4" ], "short": "Precedence Cutoff", "version": "" }, "protocol-unreachable": { "description": "This message is sent if the destination protocol is unreachable.", "destination": [ "ipv4" ], "short": "Protocol Unreachable", "version": "" }, "redirect": { "description": "This error message informs a host to send packets on another route.", "destination": [], "short": "Redirect", "version": "" }, "reject-route": { "description": "This error message is sent if the route to destination is rejected.", "destination": [ "ipv6" ], "short": "Reject Route", "version": "" }, "required-option-missing": { "description": "This message is sent if a required option is missing.", "destination": [ "ipv4" ], "short": "Required Option Missing", "version": "" }, "router-advertisement": { "description": "This message is used by routers to periodically announce the IP address of a multicast interface.", "destination": [], "short": "Router Advertisement", "version": "" }, "router-solicitation": { "description": "This message is used by a host attached to a multicast link to request a Router Advertisement.", "destination": [], "short": "Router Solicitation", "version": "" }, "source-quench": { "description": "This error message is generated to tell a host to reduce the pace at which it is sending packets.", "destination": [ "ipv4" ], "short": "Source Quench", "version": "" }, "source-route-failed": { "description": "This message is sent if the source route has failed.", "destination": [ "ipv4" ], "short": "Source Route Failed", "version": "" }, "time-exceeded": { "description": "This error message is generated if the time-to-live was exceeded either of a packet or of the reassembling of a fragmented packet.", "destination": [], "short": "Time Exceeded", "version": "" }, "timestamp-reply": { "description": "This message is used to reply to a timestamp message.", "destination": [ "ipv4" ], "short": "Timestamp Reply", "version": "" }, "timestamp-request": { "description": "This message is used for time synchronization.", "destination": [ "ipv4" ], "short": "Timestamp Request", "version": "" }, "tos-host-redirect": { "description": "This message is the datagram is redirected for the type of service and host.", "destination": [ "ipv4" ], "short": "TOS Host Redirect", "version": "" }, "tos-host-unreachable": { "description": "This message is sent if the host is unreachable for the type of service.", "destination": [ "ipv4" ], "short": "TOS Host Unreachable", "version": "" }, "tos-network-redirect": { "description": "This message is sent if the datagram is redirected for the type of service and network.", "destination": [ "ipv4" ], "short": "TOS Network Redirect", "version": "" }, "tos-network-unreachable": { "description": "This error message is sent if the network is unreachable for the type of service.", "destination": [ "ipv4" ], "short": "TOS Network Unreachable", "version": "" }, "ttl-zero-during-reassembly": { "description": "This error message is sent if a host fails to reassemble a fragmented datagram within its time limit.", "destination": [ "ipv4", "ipv6" ], "short": "TTL Zero During Reassembly", "version": "" }, "ttl-zero-during-transit": { "description": "This error message is sent if the time to live exceeded in transit.", "destination": [ "ipv4", "ipv6" ], "short": "TTL Zero During Transit", "version": "" }, "unknown-header-type": { "description": "This error message is sent if an unrecognized Next Header type encountered.", "destination": [ "ipv6" ], "short": "Unknown Header Type", "version": "" }, "unknown-option": { "description": "This error message is sent if an unrecognized IPv6 option encountered.", "destination": [ "ipv6" ], "short": "Unknown Option", "version": "" } }, "policies": { "allow-host-ipv6": { "description": "Allows basic IPv6 functionality for the host running firewalld.", "egress_zones": [ "HOST" ], "forward_ports": [], "icmp_blocks": [], "ingress_zones": [ "ANY" ], "masquerade": false, "ports": [], "priority": -15000, "protocols": [], "rich_rules": [ "rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept", "rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept", "rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept", "rule family=\"ipv6\" icmp-type name=\"redirect\" accept" ], "services": [], "short": "Allow host IPv6", "source_ports": [], "target": "CONTINUE", "version": "" } }, "services": { "0-AD": { "description": " 0 A.D. is a real-time strategy (RTS) game of ancient warfare. It's a historically-based war/economy game that allows players to relive or rewrite the history of thirteen ancient civilizations, each depicted at their peak of economic growth and military prowess. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "20595", "udp" ] ], "protocols": [], "short": "0 A.D.", "source_ports": [], "version": "" }, "RH-Satellite-6": { "description": "Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.", "destination": {}, "helpers": [], "includes": [ "foreman" ], "modules": [], "ports": [ [ "5000", "tcp" ], [ "5646-5647", "tcp" ], [ "5671", "tcp" ], [ "8000", "tcp" ], [ "8080", "tcp" ], [ "9090", "tcp" ] ], "protocols": [], "short": "Red Hat Satellite 6", "source_ports": [], "version": "" }, "RH-Satellite-6-capsule": { "description": "Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.", "destination": {}, "helpers": [], "includes": [ "RH-Satellite-6" ], "modules": [], "ports": [ [ "8443", "tcp" ] ], "protocols": [], "short": "Red Hat Satellite 6 Capsule", "source_ports": [], "version": "" }, "afp": { "description": "The Apple Filing Protocol (AFP), formerly AppleTalk Filing Protocol, is a proprietary network protocol, and part of the Apple File Service (AFS), that offers file services for macOS and the classic Mac OS.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "548", "tcp" ] ], "protocols": [], "short": "AFP", "source_ports": [], "version": "" }, "alvr": { "description": "ALVR is an open source remote VR display which allows playing SteamVR games on a standalone headset such as Gear VR or Oculus Go/Quest.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9943-9944", "tcp" ], [ "9943-9944", "udp" ] ], "protocols": [], "short": "Stream VR games from your PC to your headset via Wi-Fi", "source_ports": [], "version": "" }, "amanda-client": { "description": "The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful.", "destination": {}, "helpers": [ "amanda" ], "includes": [], "modules": [], "ports": [ [ "10080", "udp" ], [ "10080", "tcp" ] ], "protocols": [], "short": "Amanda Backup Client", "source_ports": [], "version": "" }, "amanda-k5-client": { "description": "The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful. This service specifically allows krb5 authentication", "destination": {}, "helpers": [ "amanda" ], "includes": [], "modules": [], "ports": [ [ "10082", "tcp" ] ], "protocols": [], "short": "Amanda Backup Client (kerberized)", "source_ports": [], "version": "" }, "amqp": { "description": "The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5672", "tcp" ] ], "protocols": [], "short": "amqp", "source_ports": [], "version": "" }, "amqps": { "description": "The Advanced Message Queuing Protocol (AMQP) over SSL is an open standard application layer protocol for message-oriented middleware.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5671", "tcp" ] ], "protocols": [], "short": "amqps", "source_ports": [], "version": "" }, "anno-1602": { "description": " Anno 1602 is a construction and management video game. Set in the early modern period, it requires the player to build colonies on small islands and manage resources, exploration, diplomacy and trade. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "47624", "tcp" ], [ "2300-2400", "tcp" ], [ "2300-2400", "udp" ] ], "protocols": [], "short": "Anno 1602", "source_ports": [], "version": "" }, "anno-1800": { "description": " Anno 1800 - Lead the Industrial Revolution! Welcome to the dawn of the Industrial Age. The path you choose will define your world. Are you an innovator or an exploiter? A conqueror or a liberator? How the world remembers your name is up to you. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "18000", "udp" ] ], "protocols": [], "short": "Anno 1800", "source_ports": [], "version": "" }, "apcupsd": { "description": "The American Power Conversion (APC) uninterruptible power supply (UPS) daemon protocol allows to monitor and control APC UPS devices.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3551", "tcp" ] ], "protocols": [], "short": "apcupsd", "source_ports": [], "version": "" }, "audit": { "description": "The Linux Audit subsystem is used to log security events. Enable this option, if you plan to aggregate audit events to/from a remote server/client.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "60", "tcp" ] ], "protocols": [], "short": "Audit", "source_ports": [], "version": "" }, "ausweisapp2": { "description": "AusweisApp2 is an official government application to provide electronic identification services (eID) in conjunction with an approved electronic identification document such as the german nPA. In order to use your Smartphone as a card reader enable this service.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "24727", "udp" ] ], "protocols": [], "short": "AusweisApp2", "source_ports": [], "version": "1.17.1" }, "bacula": { "description": "Bacula is a network backup solution. Enable this option, if you plan to provide Bacula backup, file and storage services.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9101", "tcp" ], [ "9102", "tcp" ], [ "9103", "tcp" ] ], "protocols": [], "short": "Bacula", "source_ports": [], "version": "" }, "bacula-client": { "description": "This option allows a Bacula server to connect to the local machine to schedule backups. You need the bacula-client package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9102", "tcp" ] ], "protocols": [], "short": "Bacula Client", "source_ports": [], "version": "" }, "bareos-director": { "description": "This option allows connections to a local Bareos Director. These connections are typically initiated by Bareos consoles (bconsole). Bareos WebUI and Bareos File Daemon (when using Client Initiated Connections).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9101", "tcp" ] ], "protocols": [], "short": "Bareos Director Daemon (bareos-dir)", "source_ports": [], "version": "" }, "bareos-filedaemon": { "description": "This option allows a Bareos Director to connect to the local Bareos File Daemon.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9102", "tcp" ] ], "protocols": [], "short": "Bareos File Daemon (bareos-fd)", "source_ports": [], "version": "" }, "bareos-storage": { "description": "This option allows Bareos Director and File Daemons to connect to the local Bareos Storage Daemon to send/receive data and manage volumes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9103", "tcp" ] ], "protocols": [], "short": "Bareos Storage Daemon (bareos-sd)", "source_ports": [], "version": "" }, "bb": { "description": "Big Brother is a plain text protocol for sending and receiving client data, reports, and queries to a BB-compatible monitoring server or proxy. The standard IANA port for a listening Big Brother service is 1984, because of course it is.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1984", "tcp" ], [ "1984", "udp" ] ], "protocols": [], "short": "Big Brother", "source_ports": [], "version": "" }, "bgp": { "description": "Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "179", "tcp" ] ], "protocols": [], "short": "BGP service listen", "source_ports": [], "version": "" }, "bitcoin": { "description": "The default port used by Bitcoin. Enable this option if you plan to be a full Bitcoin node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8333", "tcp" ] ], "protocols": [], "short": "Bitcoin", "source_ports": [], "version": "" }, "bitcoin-rpc": { "description": "Enable this option if you need access to the Bitcoin RPC interface. This is not required when connecting on localhost.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8332", "tcp" ] ], "protocols": [], "short": "Bitcoin RPC", "source_ports": [], "version": "" }, "bitcoin-testnet": { "description": "The default port used by Bitcoin testnet. Enable this option if you plan to be a Bitcoin full node on the test network.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "18333", "tcp" ] ], "protocols": [], "short": "Bitcoin testnet", "source_ports": [], "version": "" }, "bitcoin-testnet-rpc": { "description": "Enable this option if you need access to the Bitcoin RPC interface running on the testnet. This is not required when connecting on localhost.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "18332", "tcp" ] ], "protocols": [], "short": "Bitcoin testnet RPC", "source_ports": [], "version": "" }, "bittorrent-lsd": { "description": "Local Peer Discovery is a protocol designed to support the discovery of BitTorrent peers on a local area network. Enable this service if you run a BitTorrent client.", "destination": { "ipv4": "239.192.152.143", "ipv6": "ff15::efc0:988f" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6771", "udp" ] ], "protocols": [], "short": "BitTorrent Local Peer Discovery (LSD)", "source_ports": [], "version": "" }, "ceph": { "description": "Ceph is a distributed object store and file system. Enable this option to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS), or Manager Daemons (MGR).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6800-7568", "tcp" ] ], "protocols": [], "short": "ceph", "source_ports": [], "version": "" }, "ceph-exporter": { "description": "The Prometheus module running on Ceph manager to expose metrics.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9283", "tcp" ] ], "protocols": [], "short": "ceph-exporter", "source_ports": [], "version": "" }, "ceph-mon": { "description": "Ceph is a distributed object store and file system. Enable this option to support Ceph's Monitor Daemon.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3300", "tcp" ], [ "6789", "tcp" ] ], "protocols": [], "short": "ceph-mon", "source_ports": [], "version": "" }, "cfengine": { "description": "CFEngine server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5308", "tcp" ] ], "protocols": [], "short": "CFEngine", "source_ports": [], "version": "" }, "checkmk-agent": { "description": "The checkmk monitoring agent runs on clients to provide detailed host state.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6556", "tcp" ] ], "protocols": [], "short": "checkmk agent", "source_ports": [], "version": "" }, "civilization-iv": { "description": " Civilization IV is a 4X turn-based strategy computer game and the fourth installment of the Civilization series. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2033", "tcp" ], [ "2056", "tcp" ], [ "3783", "tcp" ], [ "6500", "tcp" ], [ "6667", "tcp" ], [ "28900", "tcp" ], [ "29900-29901", "tcp" ], [ "2033", "udp" ], [ "2302-2400", "udp" ], [ "6500", "udp" ], [ "6515", "udp" ], [ "13139", "udp" ], [ "27900", "udp" ] ], "protocols": [], "short": "Sid Meier's Civilization IV", "source_ports": [], "version": "" }, "civilization-v": { "description": " Become Ruler of the World by establishing and leading a civilization from the dawn of man into the space age: Wage war, conduct diplomacy, discover new technologies, go head-to-head with some of history’s greatest leaders and build the most powerful empire the world has ever known. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1745", "tcp" ], [ "1795", "tcp" ], [ "3074", "tcp" ], [ "27015-27030", "tcp" ], [ "27036-27037", "tcp" ], [ "1745", "udp" ], [ "1795", "udp" ], [ "3064", "udp" ], [ "3074", "udp" ], [ "4380", "udp" ], [ "27000-27031", "udp" ], [ "27036", "udp" ] ], "protocols": [], "short": "Sid Meier's Civilization V", "source_ports": [], "version": "" }, "cockpit": { "description": "Cockpit lets you access and configure your server remotely.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9090", "tcp" ] ], "protocols": [], "short": "Cockpit", "source_ports": [], "version": "" }, "collectd": { "description": "Collectd is a monitoring system that allows metrics to be sent over the network. This rule allows incoming collectd traffic from remote boxes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "25826", "udp" ] ], "protocols": [], "short": "Collectd", "source_ports": [], "version": "" }, "condor-collector": { "description": "The HT Condor Collector is needed to organize the condor worker nodes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9618", "tcp" ] ], "protocols": [], "short": "HT Condor Collector", "source_ports": [], "version": "" }, "cratedb": { "description": "CrateDB is a distributed SQL database management system that integrates a fully searchable document oriented data store.", "destination": {}, "helpers": [], "includes": [ "postgresql" ], "modules": [], "ports": [ [ "4200", "tcp" ], [ "4300", "tcp" ] ], "protocols": [], "short": "CrateDB", "source_ports": [], "version": "" }, "ctdb": { "description": "CTDB is a cluster implementation of the TDB database used by Samba and other projects to store temporary data.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4379", "tcp" ], [ "4379", "udp" ] ], "protocols": [], "short": "CTDB", "source_ports": [], "version": "" }, "dds": { "description": "Open Management Group (OMG) Data Distribution Service (DDS) is protocol supporting various applications. It is usally found in control systems. This is the unicast and multicast service for domains with ID 0 through 10 and maximal possible applications (120). Please see https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through for details.", "destination": {}, "helpers": [], "includes": [ "dds-multicast", "dds-unicast" ], "modules": [], "ports": [], "protocols": [], "short": "OMG DDS", "source_ports": [], "version": "" }, "dds-multicast": { "description": "Open Management Group (OMG) Data Distribution Service (DDS) is protocol supporting various applications. It is usally found in control systems. This is the unicast service for domains with ID 0 to 10 and maximal possible applications (120). Please see https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through for details.", "destination": { "ipv4": "239.255.0.1" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "7400-7401", "udp" ], [ "7650-7651", "udp" ], [ "7900-7901", "udp" ], [ "8150-8151", "udp" ], [ "8400-8401", "udp" ], [ "8650-8651", "udp" ], [ "8900-8901", "udp" ], [ "9150-9151", "udp" ], [ "9400-9401", "udp" ], [ "9650-9651", "udp" ], [ "9900-9901", "udp" ] ], "protocols": [], "short": "OMG DDS", "source_ports": [], "version": "" }, "dds-unicast": { "description": "Open Management Group (OMG) Data Distribution Service (DDS) is protocol supporting various applications. It is usally found in control systems. This is the unicast service for domains with ID 0 ito 10 and maximal possible applications (120). Please see https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through for details.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "7402-7649", "udp" ], [ "7652-7899", "udp" ], [ "7902-8149", "udp" ], [ "8152-8339", "udp" ], [ "8402-8649", "udp" ], [ "8652-8899", "udp" ], [ "8902-9149", "udp" ], [ "9152-9339", "udp" ], [ "9402-9649", "udp" ], [ "9652-9899", "udp" ], [ "9902-10149", "udp" ] ], "protocols": [], "short": "OMG DDS", "source_ports": [], "version": "" }, "dhcp": { "description": "This allows a DHCP server to accept messages from DHCP clients and relay agents.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "67", "udp" ] ], "protocols": [], "short": "DHCP", "source_ports": [], "version": "" }, "dhcpv6": { "description": "This allows a DHCPv6 server to accept messages from DHCPv6 clients and relay agents.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "547", "udp" ] ], "protocols": [], "short": "DHCPv6", "source_ports": [], "version": "" }, "dhcpv6-client": { "description": "This option allows a DHCP for IPv6 (DHCPv6) client to obtain addresses and other IPv6 settings from DHCPv6 server.", "destination": { "ipv6": "fe80::/64" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "546", "udp" ] ], "protocols": [], "short": "DHCPv6 Client", "source_ports": [], "version": "" }, "distcc": { "description": "Distcc is a protocol used for distributed compilation.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3632", "tcp" ] ], "protocols": [], "short": "distcc", "source_ports": [], "version": "" }, "dns": { "description": "The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "53", "tcp" ], [ "53", "udp" ] ], "protocols": [], "short": "DNS", "source_ports": [], "version": "" }, "dns-over-quic": { "description": "DNS over QUIC (DoQ) is a protocol that combines the security and performance benefits of the QUIC transport protocol with DNS operations, providing encrypted, faster, and more resilient domain name resolution (rfc9250).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "853", "udp" ] ], "protocols": [], "short": "DNS over QUIC", "source_ports": [], "version": "" }, "dns-over-tls": { "description": "DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "853", "tcp" ] ], "protocols": [], "short": "DNS over TLS", "source_ports": [], "version": "" }, "docker-registry": { "description": "Docker Registry is the protocol used to serve Docker images. If you plan to make your Docker Registry server publicly available, enable this option. This option is not required for developing Docker images locally.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5000", "tcp" ] ], "protocols": [], "short": "Docker Registry", "source_ports": [], "version": "" }, "docker-swarm": { "description": "Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2377", "tcp" ], [ "7946", "tcp" ], [ "7946", "udp" ], [ "4789", "udp" ] ], "protocols": [ "esp" ], "short": "Docker integrated swarm mode", "source_ports": [], "version": "" }, "dropbox-lansync": { "description": "Dropbox LAN sync", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "17500", "udp" ], [ "17500", "tcp" ] ], "protocols": [], "short": "dropboxlansync", "source_ports": [], "version": "1.0" }, "elasticsearch": { "description": "Elasticsearch is a distributed, open source search and analytics engine, designed for horizontal scalability, reliability, and easy management.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9300", "tcp" ], [ "9200", "tcp" ] ], "protocols": [], "short": "Elasticsearch", "source_ports": [], "version": "" }, "etcd-client": { "description": "etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the client side port.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2379", "tcp" ] ], "protocols": [], "short": "etcd Client", "source_ports": [], "version": "" }, "etcd-server": { "description": "etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the server side port.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2380", "tcp" ] ], "protocols": [], "short": "etcd Server", "source_ports": [], "version": "" }, "factorio": { "description": " Factorio is a game about building and creating automated factories to produce items of increasing complexity, within an infinite 2D world. Use your imagination to design your factory, combine simple elements into ingenious structures, and finally protect it from the creatures who don't really like you. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "34197", "udp" ] ], "protocols": [], "short": "Factorio", "source_ports": [], "version": "" }, "finger": { "description": "Finger is a protocol for obtaining information about users on remote hosts.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "79", "tcp" ] ], "protocols": [], "short": "finger", "source_ports": [], "version": "" }, "foreman": { "description": "Foreman is a complete lifecycle management tool for physical and virtual servers.", "destination": {}, "helpers": [], "includes": [ "dns", "http", "https", "dhcp", "tftp" ], "modules": [], "ports": [ [ "68", "udp" ], [ "8140", "tcp" ] ], "protocols": [], "short": "foreman", "source_ports": [], "version": "" }, "foreman-proxy": { "description": "The Smart Proxy is a project which provides a restful API to various sub-systems.", "destination": {}, "helpers": [], "includes": [ "foreman" ], "modules": [], "ports": [ [ "8443", "tcp" ] ], "protocols": [], "short": "foreman-proxy", "source_ports": [], "version": "" }, "freeipa-4": { "description": "FreeIPA is an integrated identity and authentication solution with Kerberos, LDAP, PKI, and web UI. Enable this option if you plan to provide a FreeIPA server. Enable the 'dns' service if this FreeIPA server provides DNS services, 'ntp' service if this FreeIPA server provides NTP services, and 'freeipa-trust' for cross-forest trusts with Active Directory.", "destination": {}, "helpers": [], "includes": [ "http", "https", "kerberos", "kpasswd", "ldap", "ldaps" ], "modules": [], "ports": [], "protocols": [], "short": "FreeIPA 4 server", "source_ports": [], "version": "" }, "freeipa-ldap": { "description": "This service is deprecated. Please use freeipa-4 service instead.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "80", "tcp" ], [ "443", "tcp" ], [ "88", "tcp" ], [ "88", "udp" ], [ "464", "tcp" ], [ "464", "udp" ], [ "123", "udp" ], [ "389", "tcp" ] ], "protocols": [], "short": "FreeIPA with LDAP (deprecated)", "source_ports": [], "version": "" }, "freeipa-ldaps": { "description": "This service is deprecated. Please use freeipa-4 service instead.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "80", "tcp" ], [ "443", "tcp" ], [ "88", "tcp" ], [ "88", "udp" ], [ "464", "tcp" ], [ "464", "udp" ], [ "123", "udp" ], [ "636", "tcp" ] ], "protocols": [], "short": "FreeIPA with LDAPS (deprecated)", "source_ports": [], "version": "" }, "freeipa-replication": { "description": "This service is deprecated. Please use freeipa-4 service instead.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "7389", "tcp" ] ], "protocols": [], "short": "FreeIPA replication (deprecated)", "source_ports": [], "version": "" }, "freeipa-trust": { "description": "FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option of you plan to deploy cross-forest trusts with FreeIPA and Active Directory", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "135", "tcp" ], [ "138-139", "tcp" ], [ "138-139", "udp" ], [ "389", "tcp" ], [ "389", "udp" ], [ "445", "tcp" ], [ "445", "udp" ], [ "49152-65535", "tcp" ], [ "3268", "tcp" ] ], "protocols": [], "short": "FreeIPA trust setup", "source_ports": [], "version": "" }, "ftp": { "description": "FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.", "destination": {}, "helpers": [ "ftp" ], "includes": [], "modules": [], "ports": [ [ "21", "tcp" ] ], "protocols": [], "short": "FTP", "source_ports": [], "version": "" }, "galera": { "description": "MariaDB-Galera Database Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3306", "tcp" ], [ "4567", "tcp" ], [ "4568", "tcp" ], [ "4444", "tcp" ] ], "protocols": [], "short": "Galera", "source_ports": [], "version": "" }, "ganglia-client": { "description": "Ganglia monitoring daemon", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8660", "tcp" ] ], "protocols": [], "short": "ganglia-client", "source_ports": [], "version": "" }, "ganglia-master": { "description": "Ganglia collector", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8651", "tcp" ] ], "protocols": [], "short": "ganglia-master", "source_ports": [], "version": "" }, "git": { "description": "The git daemon for supporting git:// access to git repositories.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9418", "tcp" ] ], "protocols": [], "short": "git", "source_ports": [], "version": "" }, "gpsd": { "description": "gpsd is a service daemon that monitors one or more GPSes or AIS receivers attached to a host computer through serial or USB ports, making all data on the location/course/velocity of the sensors available to be queried on TCP port 2947 of the host computer.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2947", "tcp" ] ], "protocols": [], "short": "gpsd", "source_ports": [], "version": "" }, "grafana": { "description": "Grafana is an open platform for beautiful analytics and monitoring", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3000", "tcp" ] ], "protocols": [], "short": "grafana", "source_ports": [], "version": "" }, "gre": { "description": "", "destination": {}, "helpers": [ "proto-gre" ], "includes": [], "modules": [], "ports": [], "protocols": [ "gre" ], "short": "", "source_ports": [], "version": "" }, "high-availability": { "description": "This allows you to use the Red Hat High Availability (previously named Red Hat Cluster Suite). Ports are opened for corosync, pcsd, pacemaker_remote, dlm and corosync-qnetd.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2224", "tcp" ], [ "3121", "tcp" ], [ "5403", "tcp" ], [ "5404", "udp" ], [ "5405-5412", "udp" ], [ "9929", "tcp" ], [ "9929", "udp" ], [ "21064", "tcp" ] ], "protocols": [], "short": "Red Hat High Availability", "source_ports": [], "version": "" }, "http": { "description": "HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "80", "tcp" ] ], "protocols": [], "short": "WWW (HTTP)", "source_ports": [], "version": "" }, "http3": { "description": "HTTP/3 is a protocol used to serve Web pages that uses QUIC as the transport protocol. If you plan to make your HTTP/3 compatible Web server publicly available, enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "443", "udp" ] ], "protocols": [], "short": "WWW (HTTP/3)", "source_ports": [], "version": "" }, "https": { "description": "HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "443", "tcp" ] ], "protocols": [], "short": "Secure WWW (HTTPS)", "source_ports": [], "version": "" }, "ident": { "description": "The Identification Protocol as specified in RFC 1413, which is used to determine the identity of a user of a particular TCP connection.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "113", "tcp" ] ], "protocols": [], "short": "Ident Protocol", "source_ports": [], "version": "" }, "imap": { "description": "The Internet Message Access Protocol(IMAP) allows a local client to access email on a remote server. If you plan to provide a IMAP service (e.g. with dovecot), enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "143", "tcp" ] ], "protocols": [], "short": "IMAP", "source_ports": [], "version": "" }, "imaps": { "description": "The Internet Message Access Protocol over SSL (IMAPs) allows a local client to access email on a remote server in a secure way. If you plan to provide a IMAP over SSL service (e.g. with dovecot), enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "993", "tcp" ] ], "protocols": [], "short": "IMAP over SSL", "source_ports": [], "version": "" }, "ipfs": { "description": "The InterPlanetary File System (IPFS) is a peer-to-peer hypermedia protocol designed to make the web faster, safer, and more open", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4001", "tcp" ], [ "4001", "udp" ] ], "protocols": [], "short": "IPFS", "source_ports": [], "version": "" }, "ipp": { "description": "The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over tcp) provides the ability to share printers over the network. Enable this option if you plan to share printers via cups over the network.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "631", "tcp" ], [ "631", "udp" ] ], "protocols": [], "short": "Network Printing Server (IPP)", "source_ports": [], "version": "" }, "ipp-client": { "description": "The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over udp) provides the ability to get information about a printer (e.g. capability and status) and to control printer jobs. If you plan to use a remote network printer via cups, do not disable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "631", "udp" ] ], "protocols": [], "short": "Network Printing Client (IPP)", "source_ports": [], "version": "" }, "ipsec": { "description": "Internet Protocol Security (IPsec) is the standardized IETF VPN architecture defined in RFC 4301. IPsec is negotiated using the IKEv1 (RFC 2409) or IKEv2 (RFC 7296) protocol, which in itself uses encryption and authentication. IPsec provides Internet Protocol (IP) packet encryption and authentication. Both IKE and IPsec can be encapsulated in UDP (RFC 3948) or TCP (RFC 8229 to make it easier to traverse NAT. Enabling this service will enable IKE, IPsec and their encapsulation protocols and ports. Note that IKE and IPsec can also be configured to use non-default ports, but this is not common practice.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "500", "udp" ], [ "4500", "udp" ], [ "4500", "tcp" ] ], "protocols": [ "ah", "esp" ], "short": "IPsec", "source_ports": [], "version": "" }, "irc": { "description": "An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6667", "tcp" ] ], "protocols": [], "short": "IRC", "source_ports": [], "version": "" }, "ircs": { "description": "An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6697", "tcp" ] ], "protocols": [], "short": "IRC TLS/SSL", "source_ports": [], "version": "" }, "iscsi-target": { "description": "Internet SCSI target is a storage resource located on an iSCSI server.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3260", "tcp" ], [ "3260", "udp" ] ], "protocols": [], "short": "iSCSI target", "source_ports": [], "version": "" }, "isns": { "description": "The Internet Storage Name Service (iSNS) is a protocol that allows automated discovery, management and configuration of iSCSI and Fibre Channel devices on a TCP/IP network.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3205", "tcp" ], [ "3205", "udp" ] ], "protocols": [], "short": "iSNS", "source_ports": [], "version": "" }, "jenkins": { "description": "Jenkins is an open source automation server written in Java.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8080", "tcp" ] ], "protocols": [], "short": "jenkins", "source_ports": [], "version": "" }, "kadmin": { "description": "Kerberos Administration Protocol", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "749", "tcp" ] ], "protocols": [], "short": "kadmin", "source_ports": [], "version": "" }, "kdeconnect": { "description": "KDE Connect is an application to connect your phone to your computer.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1714-1764", "tcp" ], [ "1714-1764", "udp" ] ], "protocols": [], "short": "KDE Connect", "source_ports": [], "version": "" }, "kerberos": { "description": "Kerberos network authentication protocol server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "88", "tcp" ], [ "88", "udp" ] ], "protocols": [], "short": "Kerberos", "source_ports": [], "version": "" }, "kibana": { "description": "Kibana is an open source data visualization platform that allows you to interact with your data through stunning, powerful graphics that can be combined into custom dashboards that help you share insights from your data far and wide.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5601", "tcp" ] ], "protocols": [], "short": "Kibana", "source_ports": [], "version": "" }, "klogin": { "description": "The kerberized rlogin server accepts BSD-style rlogin sessions, but uses Kerberos 5 authentication.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "543", "tcp" ] ], "protocols": [], "short": "klogin", "source_ports": [], "version": "" }, "kpasswd": { "description": "Kerberos password (Kpasswd) server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "464", "tcp" ], [ "464", "udp" ] ], "protocols": [], "short": "Kpasswd", "source_ports": [], "version": "" }, "kprop": { "description": "Kerberos KDC Propagation Protocol", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "754", "tcp" ] ], "protocols": [], "short": "kprop", "source_ports": [], "version": "" }, "kshell": { "description": "Kerberized rshell server accepts rshell commands authenticated and encrypted with Kerberos 5", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "544", "tcp" ] ], "protocols": [], "short": "kshell", "source_ports": [], "version": "" }, "kube-api": { "description": "Backwards compatibility after service renaming", "destination": {}, "helpers": [], "includes": [ "kubelet" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Kubelet", "source_ports": [], "version": "" }, "kube-apiserver": { "description": "The Kubernetes API server validates and configures data for the api objects which include pods, services, replicationcontrollers, and others.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6443", "tcp" ] ], "protocols": [], "short": "Kubernetes Api Server", "source_ports": [], "version": "" }, "kube-control-plane": { "description": "The Kubernetes Control-plane Node runs all the services of the Kubernetes Control Plane. This includes kube-apiserver, etcd, kube-schedule, kube-controller-manager, cloud-controller-manager, and others", "destination": {}, "helpers": [], "includes": [ "etcd-client", "etcd-server", "kube-apiserver", "kube-controller-manager", "kube-scheduler" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Control-plane Node", "source_ports": [], "version": "" }, "kube-control-plane-secure": { "description": "The Kubernetes Control-plane Node runs all the services of the Kubernetes Control Plane. This includes kube-apiserver, etcd, kube-schedule, kube-controller-manager, cloud-controller-manager, and others", "destination": {}, "helpers": [], "includes": [ "etcd-client", "etcd-server", "kube-apiserver", "kube-controller-manager-secure", "kube-scheduler-secure" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Control-plane Node - secure", "source_ports": [], "version": "" }, "kube-controller-manager": { "description": "The Kubernetes controller manager is a daemon that embeds the core control loops shipped with Kubernetes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10252", "tcp" ] ], "protocols": [], "short": "Kubernetes Controller Manager", "source_ports": [], "version": "" }, "kube-controller-manager-secure": { "description": "The Kubernetes controller manager is a daemon that embeds the core control loops shipped with Kubernetes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10257", "tcp" ] ], "protocols": [], "short": "Kubernetes Controller Manager - Secure", "source_ports": [], "version": "" }, "kube-nodeport-services": { "description": "Services of type NodePort expose a port on each worker", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "30000-32767", "tcp" ] ], "protocols": [], "short": "Kubernetes Kubelet", "source_ports": [], "version": "" }, "kube-scheduler": { "description": "The Kubernetes scheduler is a policy-rich, topology-aware, workload-specific function that significantly impacts availability, performance, and capacity.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10251", "tcp" ] ], "protocols": [], "short": "Kubernetes Scheduler", "source_ports": [], "version": "" }, "kube-scheduler-secure": { "description": "The Kubernetes scheduler is a policy-rich, topology-aware, workload-specific function that significantly impacts availability, performance, and capacity.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10259", "tcp" ] ], "protocols": [], "short": "Kubernetes Scheduler - secure", "source_ports": [], "version": "" }, "kube-worker": { "description": "The Kubernetes Worker Node runs some (or sometimes all) of the workloads of the Kubernetes cluster. There might be NodoPort services associated with these workloads.", "destination": {}, "helpers": [], "includes": [ "kubelet", "kube-nodeport-services" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Worker Node", "source_ports": [], "version": "" }, "kubelet": { "description": "The kubelet API is used to communicate between kube-scheduler and the node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10250", "tcp" ] ], "protocols": [], "short": "Kubernetes Kubelet", "source_ports": [], "version": "" }, "kubelet-readonly": { "description": "The kubelet API is used to communicate between kube-scheduler and the node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10255", "tcp" ] ], "protocols": [], "short": "Kubernetes Kubelet read", "source_ports": [], "version": "" }, "kubelet-worker": { "description": "Backwards compatibility after service renaming", "destination": {}, "helpers": [], "includes": [ "kube-worker" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Worker Node", "source_ports": [], "version": "" }, "ldap": { "description": "Lightweight Directory Access Protocol (LDAP) server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "389", "tcp" ] ], "protocols": [], "short": "LDAP", "source_ports": [], "version": "" }, "ldaps": { "description": "Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "636", "tcp" ] ], "protocols": [], "short": "LDAPS", "source_ports": [], "version": "" }, "libvirt": { "description": "Enable this option if you want to allow remote virtual machine management with SASL authentication and encryption (digest-md5 passwords or GSSAPI/Kerberos). The libvirtd service is needed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "16509", "tcp" ] ], "protocols": [], "short": "Virtual Machine Management", "source_ports": [], "version": "" }, "libvirt-tls": { "description": "Enable this option if you want to allow remote virtual machine management with TLS encryption, x509 certificates and optional SASL authentication. The libvirtd service is needed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "16514", "tcp" ] ], "protocols": [], "short": "Virtual Machine Management (TLS)", "source_ports": [], "version": "" }, "lightning-network": { "description": "The default port used by Lightning Network. Enable this option if you plan to be a Lightning Network node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9735", "tcp" ] ], "protocols": [], "short": "Lightning Network", "source_ports": [], "version": "" }, "llmnr": { "description": " Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service matches incoming queries; it will allow this host to be resolved by other hosts. In order to allow this host to resolve other hosts, use the llmnr-client service. ", "destination": {}, "helpers": [], "includes": [ "llmnr-tcp", "llmnr-udp" ], "modules": [], "ports": [], "protocols": [], "short": "LLMNR", "source_ports": [], "version": "" }, "llmnr-client": { "description": " Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service allows incoming LLMNR responses. Due to protocol details the service matches by source port and thus allows unsolicited responses. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "LLMNR Client", "source_ports": [ [ "5355", "udp" ] ], "version": "" }, "llmnr-tcp": { "description": " Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service matches incoming queries; it will allow this host to be resolved by other hosts. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5355", "tcp" ] ], "protocols": [], "short": "LLMNR (TCP)", "source_ports": [], "version": "" }, "llmnr-udp": { "description": " Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service matches incoming queries; it will allow this host to be resolved by other hosts. ", "destination": { "ipv4": "224.0.0.252", "ipv6": "ff02::1:3" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5355", "udp" ] ], "protocols": [], "short": "LLMNR (UDP)", "source_ports": [], "version": "" }, "managesieve": { "description": "The ManageSieve Protocol allows a local client to manage eMail sieve scripts on a remote server. If you plan to provide a ManageSieve service (e.g. with dovecot pigeonhole), enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4190", "tcp" ] ], "protocols": [], "short": "ManageSieve", "source_ports": [], "version": "" }, "matrix": { "description": "Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Port 443 is the 'client' port, whereas port 8448 is the Federation port. Federation is the process by which users on different servers can participate in the same room.", "destination": {}, "helpers": [], "includes": [ "https" ], "modules": [], "ports": [ [ "8448", "tcp" ] ], "protocols": [], "short": "Matrix", "source_ports": [], "version": "" }, "mdns": { "description": "mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option.", "destination": { "ipv4": "224.0.0.251", "ipv6": "ff02::fb" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5353", "udp" ] ], "protocols": [], "short": "Multicast DNS (mDNS)", "source_ports": [], "version": "" }, "memcache": { "description": "memcache is a high-performance object caching system.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "11211", "tcp" ], [ "11211", "udp" ] ], "protocols": [], "short": "memcache", "source_ports": [], "version": "" }, "minecraft": { "description": " Minecraft is a sandbox game developed by Mojang Studios. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "25565", "tcp" ], [ "25565", "udp" ] ], "protocols": [], "short": "Minecraft", "source_ports": [], "version": "" }, "minidlna": { "description": "MiniDLNA is a simple media server software with the aim to be fully compliant with DLNA/UPNP-AV clients. Enable this service if you run minidlna service.", "destination": {}, "helpers": [], "includes": [ "ssdp" ], "modules": [], "ports": [ [ "8200", "tcp" ] ], "protocols": [], "short": "MiniDLNA", "source_ports": [], "version": "" }, "mongodb": { "description": "MongoDB is a free and open-source cross-platform document-oriented database program.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "27017", "tcp" ] ], "protocols": [], "short": "mongodb", "source_ports": [], "version": "" }, "mosh": { "description": "Mosh is a remote terminal application that supports intermittent network connectivity, roaming to different IP address without dropping the connection, intelligent local echo and line editing to reduct the effects of \"network lag\" on high-latency connections.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "60000-61000", "udp" ] ], "protocols": [], "short": "Mobile shell that supports roaming and intelligent local echo.", "source_ports": [], "version": "" }, "mountd": { "description": "NFS Mount Lock Daemon", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "20048", "tcp" ], [ "20048", "udp" ] ], "protocols": [], "short": "mountd", "source_ports": [], "version": "" }, "mqtt": { "description": "The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol is unencrypted.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1883", "tcp" ] ], "protocols": [], "short": "mqtt", "source_ports": [], "version": "" }, "mqtt-tls": { "description": "The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol uses TLS encryption.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8883", "tcp" ] ], "protocols": [], "short": "mqtt-tls", "source_ports": [], "version": "" }, "ms-wbt": { "description": "Microsoft Windows-based Terminal Server", "destination": {}, "helpers": [], "includes": [ "rdp" ], "modules": [], "ports": [], "protocols": [], "short": "ms-wbt", "source_ports": [], "version": "" }, "mssql": { "description": "Microsoft SQL Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1433", "tcp" ] ], "protocols": [], "short": "mssql", "source_ports": [], "version": "" }, "murmur": { "description": "Murmur is the server of the Mumble VoIP chat system.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "64738", "tcp" ], [ "64738", "udp" ] ], "protocols": [], "short": "Murmur", "source_ports": [], "version": "" }, "mysql": { "description": "MySQL Database Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3306", "tcp" ] ], "protocols": [], "short": "MySQL", "source_ports": [], "version": "" }, "nbd": { "description": "Network Block Device (NBD) is a high-performance protocol for exporting disk images between machines.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10809", "tcp" ] ], "protocols": [], "short": "NBD", "source_ports": [], "version": "" }, "nebula": { "description": "Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. The port needs to be open if the host is set as lighthouse.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4242", "udp" ] ], "protocols": [], "short": "Nebula", "source_ports": [], "version": "" }, "need-for-speed-most-wanted": { "description": " Need for Speed: Most Wanted is a 2005 open-world racing video game, and the ninth installment in the Need for Speed series. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "13505", "tcp" ], [ "30900-30999", "tcp" ], [ "3658", "udp" ] ], "protocols": [], "short": "Need for Speed: Most Wanted", "source_ports": [], "version": "" }, "netbios-ns": { "description": "This allows you to find Windows (Samba) servers that share files and printers.", "destination": {}, "helpers": [ "netbios-ns" ], "includes": [], "modules": [], "ports": [ [ "137", "udp" ] ], "protocols": [], "short": "NetBIOS NS", "source_ports": [], "version": "" }, "netdata-dashboard": { "description": "Netdata dashboard is a place to view the results of the netdata monitoring agent", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "19999", "tcp" ] ], "protocols": [], "short": "Netdata Dashboard", "source_ports": [], "version": "" }, "nfs": { "description": "The NFS4 protocol is used to share files via TCP networking. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2049", "tcp" ] ], "protocols": [], "short": "NFS4", "source_ports": [], "version": "" }, "nfs3": { "description": "The NFS3 protocol is used to share files. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2049", "tcp" ], [ "2049", "udp" ] ], "protocols": [], "short": "NFS3", "source_ports": [], "version": "" }, "nmea-0183": { "description": "NMEA-0183 Navigational Data server for use with Global Navigation Satellite System (GNSS) devices.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10110", "tcp" ], [ "10110", "udp" ] ], "protocols": [], "short": "nmea-0183", "source_ports": [], "version": "" }, "nrpe": { "description": "NRPE allows you to execute Nagios plugins on a remote host in as transparent a manner as possible.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5666", "tcp" ] ], "protocols": [], "short": "NRPE", "source_ports": [], "version": "" }, "ntp": { "description": "The Network Time Protocol (NTP) allows to synchronize computers to a time server. Enable this option, if you are providing a NTP server. You need the ntp or chrony package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "123", "udp" ] ], "protocols": [], "short": "Network Time Protocol (NTP) Server", "source_ports": [], "version": "" }, "nut": { "description": "Network UPS Tools (NUT) is a protocol that allows to monitor and control power devices like uninterruptible power supplies.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3493", "tcp" ] ], "protocols": [], "short": "NUT", "source_ports": [], "version": "" }, "opentelemetry": { "description": "OpenTelemetry Protocol (OTLP) specification describes the encoding, transport, and delivery mechanism of telemetry data between telemetry sources, intermediate nodes such as collectors and telemetry backends.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4317", "tcp" ], [ "4318", "tcp" ] ], "protocols": [], "short": "OTLP", "source_ports": [], "version": "" }, "openvpn": { "description": "OpenVPN is a virtual private network (VPN) solution. It is used to create encrypted point-to-point tunnels between computers. If you plan to provide a VPN service, enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1194", "udp" ] ], "protocols": [], "short": "OpenVPN", "source_ports": [], "version": "" }, "ovirt-imageio": { "description": "oVirt Image I/O simplifies the workflow of introducing new oVirt images into the oVirt environment.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "54322", "tcp" ] ], "protocols": [], "short": "oVirt Image I/O", "source_ports": [], "version": "" }, "ovirt-storageconsole": { "description": "oVirt Storage Console is a web-based storage management platform specially designed to efficiently manage oVirt's storage-defined storage.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "55863", "tcp" ], [ "39543", "tcp" ] ], "protocols": [], "short": "oVirt Storage-Console", "source_ports": [], "version": "" }, "ovirt-vmconsole": { "description": "oVirt VM Consoles enables secure access to virtual machine serial console.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2223", "tcp" ] ], "protocols": [], "short": "oVirt VM Console", "source_ports": [], "version": "" }, "plex": { "description": "Plex Media Server (PMS) is the back-end media server component of Plex. It organizes content from personal media libraries and streams it to the network.", "destination": {}, "helpers": [], "includes": [ "ssdp" ], "modules": [], "ports": [ [ "32400", "tcp" ], [ "32400", "udp" ], [ "32469", "tcp" ], [ "3005", "tcp" ], [ "8324", "tcp" ], [ "32410", "udp" ], [ "32412", "udp" ], [ "32413", "udp" ], [ "32414", "udp" ] ], "protocols": [], "short": "PLEX", "source_ports": [], "version": "" }, "pmcd": { "description": "This option allows PCP (Performance Co-Pilot) monitoring. If you need to allow remote hosts to connect directly to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "44321", "tcp" ] ], "protocols": [], "short": "Performance metrics collector (pmcd)", "source_ports": [], "version": "" }, "pmproxy": { "description": "This option allows indirect PCP (Performance Co-Pilot) monitoring via a proxy. If you need to allow remote hosts to connect through your machine to monitor aspects of performance of one or more proxied hosts, enable this option. You need the pcp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "44322", "tcp" ] ], "protocols": [], "short": "Performance metrics proxy (pmproxy)", "source_ports": [], "version": "" }, "pmwebapi": { "description": "This option allows web clients to use PCP (Performance Co-Pilot) monitoring services. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "44323", "tcp" ] ], "protocols": [], "short": "Performance metrics web API (pmwebapi)", "source_ports": [], "version": "" }, "pmwebapis": { "description": "This option allows web clients to use PCP (Performance Co-Pilot) monitoring services over a secure connection. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, and you consider that information to be sensitive, enable this option. You need the pcp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "44324", "tcp" ] ], "protocols": [], "short": "Secure performance metrics web API (pmwebapis)", "source_ports": [], "version": "" }, "pop3": { "description": "The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "110", "tcp" ] ], "protocols": [], "short": "POP-3", "source_ports": [], "version": "" }, "pop3s": { "description": "The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "995", "tcp" ] ], "protocols": [], "short": "POP-3 over SSL", "source_ports": [], "version": "" }, "postgresql": { "description": "PostgreSQL Database Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5432", "tcp" ] ], "protocols": [], "short": "PostgreSQL", "source_ports": [], "version": "" }, "privoxy": { "description": "Privoxy is a web proxy for enhancing privacy by filtering web page content, managing cookies, controlling access, removing ads, banners, pop-ups and other obnoxious Internet junk. It does not cache web content. Enable this if you run Privoxy and would like to configure your web browser to browse the Internet via Privoxy.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8118", "tcp" ] ], "protocols": [], "short": "Privoxy - A Privacy Enhancing Proxy Server", "source_ports": [], "version": "" }, "prometheus": { "description": "The Prometheus monitoring system and time series database.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9090", "tcp" ] ], "protocols": [], "short": "prometheus", "source_ports": [], "version": "" }, "prometheus-node-exporter": { "description": "The node-exporter agent for Prometheus monitoring system.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9100", "tcp" ] ], "protocols": [], "short": "prometheus-node-exporter", "source_ports": [], "version": "" }, "proxy-dhcp": { "description": "PXE redirection service (Proxy DHCP) responds to PXE clients and provides redirection to PXE boot servers.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4011", "udp" ] ], "protocols": [], "short": "Proxy DHCP", "source_ports": [], "version": "" }, "ps2link": { "description": "ps2link is a protocol used for interacting with a PlayStation 2 system.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "18194", "udp" ], [ "18193", "tcp" ] ], "protocols": [], "short": "ps2link", "source_ports": [], "version": "" }, "ps3netsrv": { "description": "PS3 Network Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "38008", "tcp" ] ], "protocols": [], "short": "ps3netsrv", "source_ports": [], "version": "" }, "ptp": { "description": "The Precision Time Protocol (PTP) allows to synchronize computers to a time master. Enable this option, if you are providing a PTP master. You need the linuxptp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "319", "udp" ], [ "320", "udp" ] ], "protocols": [], "short": "Precision Time Protocol (PTP) Master", "source_ports": [], "version": "" }, "pulseaudio": { "description": "A PulseAudio server provides an ability to stream audio over network. You want to enable this service in case you are using module-native-protocol-tcp in the PulseAudio configuration. If you are using module-zeroconf-publish you want also enable mdns service.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4713", "tcp" ] ], "protocols": [], "short": "PulseAudio", "source_ports": [], "version": "" }, "puppetmaster": { "description": "Puppet is a network tool for managing many disparate systems. Puppet Master is a server which Puppet Agents pull their configurations from.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8140", "tcp" ] ], "protocols": [], "short": "Puppet Master", "source_ports": [], "version": "" }, "quassel": { "description": "Quassel is a distributed IRC client, meaning that one or more clients can attach to and detach from the central core.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4242", "tcp" ] ], "protocols": [], "short": "Quassel IRC", "source_ports": [], "version": "" }, "radius": { "description": "The Remote Authentication Dial In User Service (RADIUS) is a protocol for user authentication over networks. It is mostly used for modem, DSL or wireless user authentication. If you plan to provide a RADIUS service (e.g. with freeradius), enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1812", "tcp" ], [ "1812", "udp" ], [ "1813", "tcp" ], [ "1813", "udp" ] ], "protocols": [], "short": "RADIUS", "source_ports": [], "version": "" }, "rdp": { "description": "Microsoft's Remote Desktop Protocol", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3389", "tcp" ] ], "protocols": [], "short": "rdp", "source_ports": [], "version": "" }, "redis": { "description": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6379", "tcp" ] ], "protocols": [], "short": "redis", "source_ports": [], "version": "" }, "redis-sentinel": { "description": "Redis Sentinel provides high availability for Redis.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "26379", "tcp" ] ], "protocols": [], "short": "redis-sentinel", "source_ports": [], "version": "" }, "rpc-bind": { "description": "Remote Procedure Call Bind", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "111", "tcp" ], [ "111", "udp" ] ], "protocols": [], "short": "rpc-bind", "source_ports": [], "version": "" }, "rquotad": { "description": "Remote Quota Server Daemon", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "875", "tcp" ], [ "875", "udp" ] ], "protocols": [], "short": "rquotad", "source_ports": [], "version": "" }, "rsh": { "description": "Rsh is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling rsh is not recommended.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "514", "tcp" ] ], "protocols": [], "short": "rsh", "source_ports": [], "version": "" }, "rsyncd": { "description": "Rsync in daemon mode works as a central server, in order to house centralized files and keep them synchronized.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "873", "tcp" ], [ "873", "udp" ] ], "protocols": [], "short": "Rsync in daemon mode", "source_ports": [], "version": "" }, "rtsp": { "description": "The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "554", "tcp" ], [ "554", "udp" ] ], "protocols": [], "short": "RTSP", "source_ports": [], "version": "" }, "salt-master": { "description": "Salt is a protocol used for infrastructure management via a dynamic communication bus. These ports are required on the salt master node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4505", "tcp" ], [ "4506", "tcp" ] ], "protocols": [], "short": "Salt Master", "source_ports": [], "version": "" }, "samba": { "description": "This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [ "samba-client" ], "modules": [], "ports": [ [ "139", "tcp" ], [ "445", "tcp" ] ], "protocols": [], "short": "Samba", "source_ports": [], "version": "" }, "samba-client": { "description": "This option allows you to access Windows file and printer sharing networks. You need the samba-client package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [ "netbios-ns" ], "modules": [], "ports": [ [ "138", "udp" ] ], "protocols": [], "short": "Samba Client", "source_ports": [], "version": "" }, "samba-dc": { "description": "This option allows you to use this computer as a Samba Active Directory Domain Controller. You need the samba-dc package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [ "samba", "dns", "kerberos", "ldap", "ldaps", "kpasswd" ], "modules": [], "ports": [ [ "135", "tcp" ], [ "389", "udp" ], [ "49152-65535", "tcp" ], [ "3268", "tcp" ], [ "3269", "tcp" ] ], "protocols": [], "short": "Samba DC", "source_ports": [], "version": "" }, "sane": { "description": "The SANE (Scanner Access Now Easy) daemon allows remote clients to access image acquisition devices available on the local host.", "destination": {}, "helpers": [ "sane" ], "includes": [], "modules": [], "ports": [ [ "6566", "tcp" ] ], "protocols": [], "short": "SANE network daemon (saned)", "source_ports": [], "version": "" }, "settlers-history-collection": { "description": "The Settlers History Collection includes History Editions of all seven previous Settlers games, which includes gold versions of each game with all expansions.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1005", "udp" ], [ "1100", "udp" ], [ "3074", "udp" ], [ "6200", "udp" ], [ "6300", "udp" ] ], "protocols": [], "short": "The Settlers History Collection", "source_ports": [], "version": "" }, "sip": { "description": "The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling multimedia communication sessions. The most common applications of SIP are in Internet telephony for voice and video calls, as well as instant messaging, over Internet Protocol (IP) networks.", "destination": {}, "helpers": [ "sip" ], "includes": [], "modules": [], "ports": [ [ "5060", "tcp" ], [ "5060", "udp" ] ], "protocols": [], "short": "SIP", "source_ports": [], "version": "" }, "sips": { "description": "SIP-TLS is a modified SIP (Session Initiation Protocol) using TLS for secure signaling.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5061", "tcp" ], [ "5061", "udp" ] ], "protocols": [], "short": "SIP-TLS (SIPS)", "source_ports": [], "version": "" }, "slp": { "description": "The Service Location Protocol (SLP) is used for discovering services in a local network without prior configuration.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "427", "tcp" ], [ "427", "udp" ] ], "protocols": [], "short": "SLP", "source_ports": [], "version": "" }, "smtp": { "description": "This option allows incoming SMTP mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "25", "tcp" ] ], "protocols": [], "short": "Mail (SMTP)", "source_ports": [], "version": "" }, "smtp-submission": { "description": "This service is deprecated. Please use the \"submission\" service.", "destination": {}, "helpers": [], "includes": [ "submission" ], "modules": [], "ports": [], "protocols": [], "short": "Mail (SMTP-Submission)", "source_ports": [], "version": "" }, "smtps": { "description": "This option allows incoming SMTPs mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail in a secure way, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "465", "tcp" ] ], "protocols": [], "short": "Mail (SMTP over SSL)", "source_ports": [], "version": "" }, "snmp": { "description": "Simple Network Management Protocol is an \"Internet-standard protocol for managing devices on IP networks\". Enable this service if you run SNMP agent (server).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "161", "tcp" ], [ "161", "udp" ] ], "protocols": [], "short": "SNMP", "source_ports": [], "version": "" }, "snmptls": { "description": "Simple Network Management Protocol over TLS/DTLS is an \"Internet-standard protocol for managing devices on IP networks\" protected by TLS. Enable this service if you run SNMP agent (server).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10161", "tcp" ], [ "10161", "udp" ] ], "protocols": [], "short": "Secure SNMP (TLS)", "source_ports": [], "version": "" }, "snmptls-trap": { "description": "Secure SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message. This port is protected by TLS.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10162", "tcp" ], [ "10162", "udp" ] ], "protocols": [], "short": "Secure SNMPTRAP (TLS)", "source_ports": [], "version": "" }, "snmptrap": { "description": "SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "162", "tcp" ], [ "162", "udp" ] ], "protocols": [], "short": "SNMPTRAP", "source_ports": [], "version": "" }, "spideroak-lansync": { "description": "SpiderOak ONE is online backup and file hosting service that allows users to access, synchronize and share data using a cloud-based server. Enable this option if you use LAN-Sync option of SpiderOak.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "21327", "udp" ], [ "21328", "udp" ] ], "protocols": [], "short": "SpiderOak ONE LAN-Sync", "source_ports": [], "version": "" }, "spotify-sync": { "description": "The Spotify Client allows you to sync local music files with your phone.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "57621", "udp" ], [ "57621", "tcp" ] ], "protocols": [], "short": "Spotify Client Sync", "source_ports": [], "version": "" }, "squid": { "description": "Squid HTTP proxy server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3128", "tcp" ] ], "protocols": [], "short": "squid", "source_ports": [], "version": "" }, "ssdp": { "description": "The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet protocol suite for advertisement and discovery of network services and presence information.", "destination": { "ipv4": "239.255.255.250", "ipv6": "ff02::c" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1900", "udp" ] ], "protocols": [], "short": "Simple Service Discovery Protocol (SSDP)", "source_ports": [], "version": "" }, "ssh": { "description": "Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "22", "tcp" ] ], "protocols": [], "short": "SSH", "source_ports": [], "version": "" }, "statsrv": { "description": " Statistics Server protocol provides a way to give statistics about a system to the outside world. Defined in RFC-996", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "133", "tcp" ], [ "133", "udp" ] ], "protocols": [], "short": "Statistics Server", "source_ports": [], "version": "" }, "steam-streaming": { "description": "Steam in-home streaming allows you to play a game on one computer when the game process is actually running on another computer elsewhere in your home. Through Steam, game audio and video is captured on the remote computer and sent to the player's computer. The game input (keyboard, mouse or gamepad) is sent from the player's computer to the game process on the remote computer.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "27036", "tcp" ], [ "27037", "tcp" ], [ "27031-27036", "udp" ] ], "protocols": [], "short": "Steam In-Home Streaming", "source_ports": [], "version": "" }, "stellaris": { "description": " Explore a galaxy full of wonders in this sci-fi grand strategy game from Paradox Development Studios. Interact with diverse alien races, discover strange new worlds with unexpected events and expand the reach of your empire. Each new adventure holds almost limitless possibilities. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "17780-17785", "udp" ] ], "protocols": [], "short": "Stellaris", "source_ports": [], "version": "" }, "stronghold-crusader": { "description": " The highly anticipated sequel to the best-selling Stronghold, Stronghold Crusader (HD) throws you into historic battles and castle sieges from the Crusades with fiendish AI opponents, new units, 4 historical campaigns and over 100 unique skirmish missions. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2300-2400", "tcp" ], [ "47624", "tcp" ], [ "2300-2400", "udp" ] ], "protocols": [], "short": "Stronghold Crusader", "source_ports": [], "version": "" }, "submission": { "description": "Submission allows remote client users to submit mail using SMTP over port 587.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "587", "tcp" ] ], "protocols": [], "short": "Mail Submission", "source_ports": [], "version": "" }, "supertuxkart": { "description": " SuperTuxKart is a 3D open-source kart racing game. It aims towards fun for players of all skill levels, with item boxes giving random items, nitro, drifting and more. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2759", "tcp" ], [ "2759", "udp" ], [ "2757", "udp" ], [ "2757", "tcp" ] ], "protocols": [], "short": "SuperTuxKart", "source_ports": [], "version": "" }, "svdrp": { "description": "The Simple Video Disk Recorder Protocol (SVDRP) allows to control video disk recorder functionality.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6419", "tcp" ], [ "6419", "udp" ] ], "protocols": [], "short": "SVDRP", "source_ports": [], "version": "" }, "svn": { "description": "The custom, unencrypted protocol used the Subversion Version Control System.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3690", "tcp" ] ], "protocols": [], "short": "Subversion", "source_ports": [], "version": "" }, "syncthing": { "description": "Syncthing is a peer-to-peer file synchronization service. Enable this option, if you plan to run the Syncthing service.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "22000", "tcp" ], [ "22000", "udp" ], [ "21027", "udp" ] ], "protocols": [], "short": "Syncthing", "source_ports": [], "version": "" }, "syncthing-gui": { "description": "Enable this option in addition to the Syncthing option to allow traffic to the Syncthing web interface. (Be sure to secure it accordingly).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8384", "tcp" ] ], "protocols": [], "short": "Syncthing GUI", "source_ports": [], "version": "" }, "syncthing-relay": { "description": "Syncthing is a peer-to-peer file synchronization service. Only enable this option if you run a Syncthing relay server. This separate program (syncthing-relaysrv or relaysrv) is not needed for normal Syncthing usage.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "22067", "tcp" ], [ "22070", "tcp" ] ], "protocols": [], "short": "Syncthing Relay", "source_ports": [], "version": "" }, "synergy": { "description": "Synergy lets you easily share your mouse and keyboard between multiple computers, where each computer has its own display. No special hardware is required, all you need is a local area network. Synergy is supported on Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "24800", "tcp" ] ], "protocols": [], "short": "Synergy", "source_ports": [], "version": "" }, "syscomlan": { "description": "Local system communication", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1065", "tcp" ], [ "1065", "udp" ] ], "protocols": [], "short": "syscomlan", "source_ports": [], "version": "" }, "syslog": { "description": "Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "514", "udp" ] ], "protocols": [], "short": "syslog", "source_ports": [], "version": "" }, "syslog-tls": { "description": "Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server. Syslog-tls uses TLS encryption to protect the messages during transport.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6514", "tcp" ], [ "6514", "udp" ] ], "protocols": [], "short": "syslog-tls", "source_ports": [], "version": "" }, "telnet": { "description": "Telnet is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling telnet is not recommended. You need the telnet-server package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "23", "tcp" ] ], "protocols": [], "short": "Telnet", "source_ports": [], "version": "" }, "tentacle": { "description": "Tentacle is a protocol for monitoring computer networks. Pandora FMS is one server implementation.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "41121", "tcp" ] ], "protocols": [], "short": "tentacle", "source_ports": [], "version": "" }, "terraria": { "description": " Dig, fight, explore, build! Nothing is impossible in this action-packed adventure game. Four Pack also available! ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "7777", "tcp" ] ], "protocols": [], "short": "Terraria", "source_ports": [], "version": "" }, "tftp": { "description": "The Trivial File Transfer Protocol (TFTP) is a protocol used to transfer files to and from a remote machine in a simple way. It is normally used only for booting diskless workstations and also to transfer data in the Preboot eXecution Environment (PXE).", "destination": {}, "helpers": [ "tftp" ], "includes": [], "modules": [], "ports": [ [ "69", "udp" ] ], "protocols": [], "short": "TFTP", "source_ports": [], "version": "" }, "tile38": { "description": "Tile38 is a geospatial database, spatial index, and realtime geofence.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9851", "tcp" ] ], "protocols": [], "short": "tile38", "source_ports": [], "version": "" }, "tinc": { "description": "tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "655", "tcp" ], [ "655", "udp" ] ], "protocols": [], "short": "tinc VPN", "source_ports": [], "version": "" }, "tor-socks": { "description": "Tor enables online anonymity and censorship resistance by directing Internet traffic through a network of relays. It conceals user's location from anyone conducting network surveillance and traffic analysis. A user wishing to use Tor for anonymity can configure a program such as a web browser to direct traffic to a Tor client using its SOCKS proxy port. Enable this if you run Tor and would like to configure your web browser or other programs to channel their traffic through the Tor SOCKS proxy port. It is recommended that you make this service available only for your computer or your internal networks.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9050", "tcp" ] ], "protocols": [], "short": "Tor - SOCKS Proxy", "source_ports": [], "version": "" }, "transmission-client": { "description": "Transmission is a lightweight BitTorrent client.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "51413", "tcp" ], [ "51413", "udp" ] ], "protocols": [], "short": "Transmission", "source_ports": [], "version": "" }, "upnp-client": { "description": "Universal Plug and Play client for auto-configuration of network routers (use only in trusted zones).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "UPnP Client", "source_ports": [ [ "1900", "udp" ] ], "version": "" }, "vdsm": { "description": "The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "54321", "tcp" ], [ "5900-6923", "tcp" ], [ "49152-49216", "tcp" ] ], "protocols": [], "short": "oVirt's Virtual Desktop and Server Manager", "source_ports": [], "version": "" }, "vnc-server": { "description": "A VNC server provides an external accessible X session. Enable this option if you plan to provide a VNC server with direct access. The access will be possible for displays :0 to :3. If you plan to provide access with SSH, do not open this option and use the via option of the VNC viewer.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5900-5903", "tcp" ] ], "protocols": [], "short": "Virtual Network Computing Server (VNC)", "source_ports": [], "version": "" }, "vrrp": { "description": "VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN.", "destination": { "ipv4": "224.0.0.18", "ipv6": "FF02:0:0:0:0:0:0:12" }, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [ "112" ], "short": "Virtual Router Redundancy Protocol RFC3768 and RFC5798.", "source_ports": [], "version": "" }, "warpinator": { "description": "Warpinator is a file sharing app developed by Linux Mint. Warpinator allows you to send and receive files between computers that are on the same network without the need for any servers or special configuration.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "42000", "tcp" ], [ "42000", "udp" ], [ "42001", "tcp" ] ], "protocols": [], "short": "Warpinator", "source_ports": [], "version": "" }, "wbem-http": { "description": "Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments. This is the unencrypted protocol variant.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5988", "tcp" ] ], "protocols": [], "short": "wbem-http", "source_ports": [], "version": "" }, "wbem-https": { "description": "Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5989", "tcp" ] ], "protocols": [], "short": "wbem-https", "source_ports": [], "version": "" }, "wireguard": { "description": "WireGuard is the simple, fast and modern VPN. The port needs to be open if a peer has this host explicitly configured as endpoint.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "51820", "udp" ] ], "protocols": [], "short": "WireGuard", "source_ports": [], "version": "" }, "ws-discovery": { "description": "Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network.", "destination": {}, "helpers": [], "includes": [ "ws-discovery-tcp", "ws-discovery-udp" ], "modules": [], "ports": [], "protocols": [], "short": "WS-Discovery", "source_ports": [], "version": "" }, "ws-discovery-client": { "description": "Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network. Use only in trusted zones.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "WS-Discovery Client", "source_ports": [ [ "3702", "udp" ] ], "version": "" }, "ws-discovery-tcp": { "description": "Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3702", "tcp" ] ], "protocols": [], "short": "WS-Discovery (TCP)", "source_ports": [], "version": "" }, "ws-discovery-udp": { "description": "Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network.", "destination": { "ipv4": "239.255.255.250", "ipv6": "ff02::c" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3702", "udp" ] ], "protocols": [], "short": "WS-Discovery (UDP)", "source_ports": [], "version": "" }, "wsman": { "description": "Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol is unencrypted", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5985", "tcp" ] ], "protocols": [], "short": "wsman", "source_ports": [], "version": "" }, "wsmans": { "description": "Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol uses TLS encryption.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5986", "tcp" ] ], "protocols": [], "short": "wsmans", "source_ports": [], "version": "" }, "xdmcp": { "description": "The X Display Manager Control Protocol (XDMCP) allows to remotely log in to an X desktop environment from any X Window System compatible client.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "177", "tcp" ], [ "177", "udp" ] ], "protocols": [], "short": "XDMCP", "source_ports": [], "version": "" }, "xmpp-bosh": { "description": "Extensible Messaging and Presence Protocol (XMPP) web client protocol allows web based chat clients such as JWChat to connect to the XMPP (Jabber) server. This is also known as the Bidirectional-streams Over Synchronous HTTP (BOSH) protocol. Enable this if you run an XMPP (Jabber) server and you wish web clients to connect to your server.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5280", "tcp" ] ], "protocols": [], "short": "XMPP (Jabber) web client", "source_ports": [], "version": "" }, "xmpp-client": { "description": "Extensible Messaging and Presence Protocol (XMPP) client connection protocol allows XMPP (Jabber) clients such as Empathy, Pidgin, Kopete and Jitsi to connect to an XMPP (Jabber) server. Enable this if you run an XMPP (Jabber) server and you wish clients to be able to connect to the server and communicate with each other.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5222", "tcp" ] ], "protocols": [], "short": "XMPP (Jabber) client", "source_ports": [], "version": "" }, "xmpp-local": { "description": "Serverless XMPP-like communication over local networks based on zero-configuration networking.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5298", "tcp" ] ], "protocols": [], "short": "XMPP Link-Local Messaging", "source_ports": [], "version": "" }, "xmpp-server": { "description": "Extensible Messaging and Presence Protocol (XMPP) server connection protocols allows multiple XMPP (Jabber) servers to work in a federated fashion. Users on one server will be able to see the presence of and communicate with users on another servers. Enable this if you run an XMPP (Jabber) server and you wish users on your server to communicate with users on other XMPP servers.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5269", "tcp" ] ], "protocols": [], "short": "XMPP (Jabber) server", "source_ports": [], "version": "" }, "zabbix-agent": { "description": "Listen port used by Zabbix agents deployed on monitoring targets.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10050", "tcp" ] ], "protocols": [], "short": "Zabbix Agent", "source_ports": [], "version": "" }, "zabbix-java-gateway": { "description": "Listen port for Zabbix Java Gateway for monitoring Java applications over JMX.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10052", "tcp" ] ], "protocols": [], "short": "Zabbix Java Gateway", "source_ports": [], "version": "" }, "zabbix-server": { "description": "This is an alias for zabbix-trapper. This definition is deprecated in favor of zabbix-trapper.", "destination": {}, "helpers": [], "includes": [ "zabbix-trapper" ], "modules": [], "ports": [], "protocols": [], "short": "Zabbix Server", "source_ports": [], "version": "" }, "zabbix-trapper": { "description": "Trapper port to receive monitoring data used by the Zabbix server and Zabbix proxy.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10051", "tcp" ] ], "protocols": [], "short": "Zabbix Trapper", "source_ports": [], "version": "" }, "zabbix-web-service": { "description": "Listen port of Zabbix web service for receiving HTTP based reporting requests.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10053", "tcp" ] ], "protocols": [], "short": "Zabbix Web Service", "source_ports": [], "version": "" }, "zero-k": { "description": " With 100+ truly unique units, Zero-K is an RTS of freedom and creativity, tempered by a decade of refinement. Sculpt land into a castle and throw invaders off it with a Jugglenaut. Explore a massive campaign, solo or co-op. Hop online for epic 32 player battles or fast paced 1v1, on 100s of maps. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8452", "udp" ] ], "protocols": [], "short": "Zero-K", "source_ports": [], "version": "" }, "zerotier": { "description": "ZeroTier creates secure networks between on-premise, cloud, desktop, and mobile devices.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9993", "udp" ] ], "protocols": [], "short": "ZeroTier", "source_ports": [], "version": "" } }, "zones": { "FedoraServer": { "description": "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "dhcpv6-client", "cockpit" ], "short": "Public", "source_ports": [], "sources": [], "target": "default", "version": "" }, "FedoraWorkstation": { "description": "Unsolicited incoming network packets are rejected from port 1 to 1024, except for select network services. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [ [ "1025-65535", "udp" ], [ "1025-65535", "tcp" ] ], "protocols": [], "rules_str": [], "services": [ "dhcpv6-client", "ssh", "samba-client" ], "short": "Fedora Workstation", "source_ports": [], "sources": [], "target": "default", "version": "" }, "block": { "description": "Unsolicited incoming network packets are rejected. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [], "short": "Block", "source_ports": [], "sources": [], "target": "%%REJECT%%", "version": "" }, "dmz": { "description": "For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh" ], "short": "DMZ", "source_ports": [], "sources": [], "target": "default", "version": "" }, "drop": { "description": "Unsolicited incoming network packets are dropped. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [], "short": "Drop", "source_ports": [], "sources": [], "target": "DROP", "version": "" }, "external": { "description": "For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": true, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh" ], "short": "External", "source_ports": [], "sources": [], "target": "default", "version": "" }, "home": { "description": "For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "samba-client", "dhcpv6-client" ], "short": "Home", "source_ports": [], "sources": [], "target": "default", "version": "" }, "internal": { "description": "For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "samba-client", "dhcpv6-client" ], "short": "Internal", "source_ports": [], "sources": [], "target": "default", "version": "" }, "nm-shared": { "description": " This zone is used internally by NetworkManager when activating a profile that uses connection sharing and doesn't have an explicit firewall zone set. Block all traffic to the local machine except ICMP, ICMPv6, DHCP and DNS. Allow all forwarded traffic. Note that future package updates may change the definition of the zone unless you overwrite it with your own definition. ", "egress_priority": 0, "forward": false, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [ "icmp", "ipv6-icmp" ], "rules_str": [ "rule priority=\"32767\" reject" ], "services": [ "dhcp", "dns", "ssh" ], "short": "NetworkManager Shared", "source_ports": [], "sources": [], "target": "ACCEPT", "version": "" }, "public": { "description": "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "dhcpv6-client", "https" ], "short": "Public", "source_ports": [], "sources": [], "target": "default", "version": "" }, "trusted": { "description": "All network connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [], "short": "Trusted", "source_ports": [], "sources": [], "target": "ACCEPT", "version": "" }, "work": { "description": "For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "dhcpv6-client" ], "short": "Work", "source_ports": [], "sources": [], "target": "default", "version": "" } } }, "default_zone": "public" } }, "changed": false } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 27 July 2024 02:27:13 -0400 (0:00:00.249) 0:00:21.449 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 27 July 2024 02:27:13 -0400 (0:00:00.023) 0:00:21.472 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 27 July 2024 02:27:13 -0400 (0:00:00.020) 0:00:21.492 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 27 July 2024 02:27:13 -0400 (0:00:00.018) 0:00:21.511 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 27 July 2024 02:27:13 -0400 (0:00:00.020) 0:00:21.531 ********* skipping: [managed_node1] => { "false_condition": "__firewall_previous_replaced | bool" } TASK [Fail if default settings values not dictionaries] ************************ task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:103 Saturday 27 July 2024 02:27:13 -0400 (0:00:00.021) 0:00:21.552 ********* skipping: [managed_node1] => (item={'FedoraWorkstation': {'version': '', 'short': 'Fedora Workstation', 'description': 'Unsolicited incoming network packets are rejected from port 1 to 1024, except for select network services. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.', 'target': 'default', 'services': ['dhcpv6-client', 'ssh', 'samba-client'], 'ports': [['1025-65535', 'udp'], ['1025-65535', 'tcp']], 'icmp_blocks': [], 'masquerade': False, 'forward_ports': [], 'interfaces': [], 'sources': [], 'rules_str': [], 'protocols': [], 'source_ports': [], 'icmp_block_inversion': False, 'forward': True, 'ingress_priority': 0, 'egress_priority': 0}, 'block': {'version': '', 'short': 'Block', 'description': 'Unsolicited incoming network packets are rejected. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.', 'target': '%%REJECT%%', 'services': [], 'ports': [], 'icmp_blocks': [], 'masquerade': False, 'forward_ports': [], 'interfaces': [], 'sources': [], 'rules_str': [], 'protocols': [], 'source_ports': [], 'icmp_block_inversion': False, 'forward': True, 'ingress_priority': 0, 'egress_priority': 0}, 'public': {'version': '', 'short': 'Public', 'description': 'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', 'target': 'default', 'services': ['ssh', 'mdns', 'dhcpv6-client', 'https'], 'ports': [], 'icmp_blocks': [], 'masquerade': False, 'forward_ports': [], 'interfaces': [], 'sources': [], 'rules_str': [], 'protocols': [], 'source_ports': [], 'icmp_block_inversion': False, 'forward': True, 'ingress_priority': 0, 'egress_priority': 0}, 'external': {'version': '', 'short': 'External', 'description': 'For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', 'target': 'default', 'services': ['ssh'], 'ports': [], 'icmp_blocks': [], 'masquerade': True, 'forward_ports': [], 'interfaces': [], 'sources': [], 'rules_str': [], 'protocols': [], 'source_ports': [], 'icmp_block_inversion': False, 'forward': True, 'ingress_priority': 0, 'egress_priority': 0}, 'drop': {'version': '', 'short': 'Drop', 'description': 'Unsolicited incoming network packets are dropped. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.', 'target': 'DROP', 'services': [], 'ports': [], 'icmp_blocks': [], 'masquerade': False, 'forward_ports': [], 'interfaces': [], 'sources': [], 'rules_str': [], 'protocols': [], 'source_ports': [], 'icmp_block_inversion': False, 'forward': True, 'ingress_priority': 0, 'egress_priority': 0}, 'nm-shared': {'version': '', 'short': 'NetworkManager Shared', 'description': " This zone is used internally by NetworkManager when activating a profile that uses connection sharing and doesn't have an explicit firewall zone set. Block all traffic to the local machine except ICMP, ICMPv6, DHCP and DNS. Allow all forwarded traffic. Note that future package updates may change the definition of the zone unless you overwrite it with your own definition. ", 'target': 'ACCEPT', 'services': ['dhcp', 'dns', 'ssh'], 'ports': [], 'icmp_blocks': [], 'masquerade': False, 'forward_ports': [], 'interfaces': [], 'sources': [], 'rules_str': ['rule priority="32767" reject'], 'protocols': ['icmp', 'ipv6-icmp'], 'source_ports': [], 'icmp_block_inversion': False, 'forward': False, 'ingress_priority': 0, 'egress_priority': 0}, 'FedoraServer': {'version': '', 'short': 'Public', 'description': 'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', 'target': 'default', 'services': ['ssh', 'dhcpv6-client', 'cockpit'], 'ports': [], 'icmp_blocks': [], 'masquerade': False, 'forward_ports': [], 'interfaces': [], 'sources': [], 'rules_str': [], 'protocols': [], 'source_ports': [], 'icmp_block_inversion': False, 'forward': True, 'ingress_priority': 0, 'egress_priority': 0}, 'internal': {'version': '', 'short': 'Internal', 'description': 'For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.', 'target': 'default', 'services': ['ssh', 'mdns', 'samba-client', 'dhcpv6-client'], 'ports': [], 'icmp_blocks': [], 'masquerade': False, 'forward_ports': [], 'interfaces': [], 'sources': [], 'rules_str': [], 'protocols': [], 'source_ports': [], 'icmp_block_inversion': False, 'forward': True, 'ingress_priority': 0, 'egress_priority': 0}, 'work': {'version': '', 'short': 'Work', 'description': 'For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', 'target': 'default', 'services': ['ssh', 'mdns', 'dhcpv6-client'], 'ports': [], 'icmp_blocks': [], 'masquerade': False, 'forward_ports': [], 'interfaces': [], 'sources': [], 'rules_str': [], 'protocols': [], 'source_ports': [], 'icmp_block_inversion': False, 'forward': True, 'ingress_priority': 0, 'egress_priority': 0}, 'trusted': {'version': '', 'short': 'Trusted', 'description': 'All network connections are accepted.', 'target': 'ACCEPT', 'services': [], 'ports': [], 'icmp_blocks': [], 'masquerade': False, 'forward_ports': [], 'interfaces': [], 'sources': [], 'rules_str': [], 'protocols': [], 'source_ports': [], 'icmp_block_inversion': False, 'forward': True, 'ingress_priority': 0, 'egress_priority': 0}, 'home': {'version': '', 'short': 'Home', 'description': 'For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', 'target': 'default', 'services': ['ssh', 'mdns', 'samba-client', 'dhcpv6-client'], 'ports': [], 'icmp_blocks': [], 'masquerade': False, 'forward_ports': [], 'interfaces': [], 'sources': [], 'rules_str': [], 'protocols': [], 'source_ports': [], 'icmp_block_inversion': False, 'forward': True, 'ingress_priority': 0, 'egress_priority': 0}, 'dmz': {'version': '', 'short': 'DMZ', 'description': 'For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.', 'target': 'default', 'services': ['ssh'], 'ports': [], 'icmp_blocks': [], 'masquerade': False, 'forward_ports': [], 'interfaces': [], 'sources': [], 'rules_str': [], 'protocols': [], 'source_ports': [], 'icmp_block_inversion': False, 'forward': True, 'ingress_priority': 0, 'egress_priority': 0}}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "item is not mapping", "item": { "FedoraServer": { "description": "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "dhcpv6-client", "cockpit" ], "short": "Public", "source_ports": [], "sources": [], "target": "default", "version": "" }, "FedoraWorkstation": { "description": "Unsolicited incoming network packets are rejected from port 1 to 1024, except for select network services. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [ [ "1025-65535", "udp" ], [ "1025-65535", "tcp" ] ], "protocols": [], "rules_str": [], "services": [ "dhcpv6-client", "ssh", "samba-client" ], "short": "Fedora Workstation", "source_ports": [], "sources": [], "target": "default", "version": "" }, "block": { "description": "Unsolicited incoming network packets are rejected. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [], "short": "Block", "source_ports": [], "sources": [], "target": "%%REJECT%%", "version": "" }, "dmz": { "description": "For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh" ], "short": "DMZ", "source_ports": [], "sources": [], "target": "default", "version": "" }, "drop": { "description": "Unsolicited incoming network packets are dropped. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [], "short": "Drop", "source_ports": [], "sources": [], "target": "DROP", "version": "" }, "external": { "description": "For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": true, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh" ], "short": "External", "source_ports": [], "sources": [], "target": "default", "version": "" }, "home": { "description": "For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "samba-client", "dhcpv6-client" ], "short": "Home", "source_ports": [], "sources": [], "target": "default", "version": "" }, "internal": { "description": "For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "samba-client", "dhcpv6-client" ], "short": "Internal", "source_ports": [], "sources": [], "target": "default", "version": "" }, "nm-shared": { "description": " This zone is used internally by NetworkManager when activating a profile that uses connection sharing and doesn't have an explicit firewall zone set. Block all traffic to the local machine except ICMP, ICMPv6, DHCP and DNS. Allow all forwarded traffic. Note that future package updates may change the definition of the zone unless you overwrite it with your own definition. ", "egress_priority": 0, "forward": false, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [ "icmp", "ipv6-icmp" ], "rules_str": [ "rule priority=\"32767\" reject" ], "services": [ "dhcp", "dns", "ssh" ], "short": "NetworkManager Shared", "source_ports": [], "sources": [], "target": "ACCEPT", "version": "" }, "public": { "description": "For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "dhcpv6-client", "https" ], "short": "Public", "source_ports": [], "sources": [], "target": "default", "version": "" }, "trusted": { "description": "All network connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [], "short": "Trusted", "source_ports": [], "sources": [], "target": "ACCEPT", "version": "" }, "work": { "description": "For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.", "egress_priority": 0, "forward": true, "forward_ports": [], "icmp_block_inversion": false, "icmp_blocks": [], "ingress_priority": 0, "interfaces": [], "masquerade": false, "ports": [], "protocols": [], "rules_str": [], "services": [ "ssh", "mdns", "dhcpv6-client" ], "short": "Work", "source_ports": [], "sources": [], "target": "default", "version": "" } }, "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item={'xmpp-client': {'version': '', 'short': 'XMPP (Jabber) client', 'description': 'Extensible Messaging and Presence Protocol (XMPP) client connection protocol allows XMPP (Jabber) clients such as Empathy, Pidgin, Kopete and Jitsi to connect to an XMPP (Jabber) server. Enable this if you run an XMPP (Jabber) server and you wish clients to be able to connect to the server and communicate with each other.', 'ports': [['5222', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'dropbox-lansync': {'version': '1.0', 'short': 'dropboxlansync', 'description': 'Dropbox LAN sync', 'ports': [['17500', 'udp'], ['17500', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'dns-over-quic': {'version': '', 'short': 'DNS over QUIC', 'description': 'DNS over QUIC (DoQ) is a protocol that combines the security and performance benefits of the QUIC transport protocol with DNS operations, providing encrypted, faster, and more resilient domain name resolution (rfc9250).', 'ports': [['853', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'sips': {'version': '', 'short': 'SIP-TLS (SIPS)', 'description': 'SIP-TLS is a modified SIP (Session Initiation Protocol) using TLS for secure signaling.', 'ports': [['5061', 'tcp'], ['5061', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'bb': {'version': '', 'short': 'Big Brother', 'description': 'Big Brother is a plain text protocol for sending and receiving client data, reports, and queries to a BB-compatible monitoring server or proxy. The standard IANA port for a listening Big Brother service is 1984, because of course it is.', 'ports': [['1984', 'tcp'], ['1984', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'zabbix-web-service': {'version': '', 'short': 'Zabbix Web Service', 'description': 'Listen port of Zabbix web service for receiving HTTP based reporting requests.', 'ports': [['10053', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'cfengine': {'version': '', 'short': 'CFEngine', 'description': 'CFEngine server', 'ports': [['5308', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'pmwebapis': {'version': '', 'short': 'Secure performance metrics web API (pmwebapis)', 'description': 'This option allows web clients to use PCP (Performance Co-Pilot) monitoring services over a secure connection. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, and you consider that information to be sensitive, enable this option. You need the pcp package installed for this option to be useful.', 'ports': [['44324', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'finger': {'version': '', 'short': 'finger', 'description': 'Finger is a protocol for obtaining information about users on remote hosts.', 'ports': [['79', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ausweisapp2': {'version': '1.17.1', 'short': 'AusweisApp2', 'description': 'AusweisApp2 is an official government application to provide electronic identification services (eID) in conjunction with an approved electronic identification document such as the german nPA. In order to use your Smartphone as a card reader enable this service.', 'ports': [['24727', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'jenkins': {'version': '', 'short': 'jenkins', 'description': 'Jenkins is an open source automation server written in Java.', 'ports': [['8080', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'irc': {'version': '', 'short': 'IRC', 'description': 'An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol.', 'ports': [['6667', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'nbd': {'version': '', 'short': 'NBD', 'description': 'Network Block Device (NBD) is a high-performance protocol for exporting disk images between machines.', 'ports': [['10809', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'svdrp': {'version': '', 'short': 'SVDRP', 'description': 'The Simple Video Disk Recorder Protocol (SVDRP) allows to control video disk recorder functionality.', 'ports': [['6419', 'tcp'], ['6419', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'netbios-ns': {'version': '', 'short': 'NetBIOS NS', 'description': 'This allows you to find Windows (Samba) servers that share files and printers.', 'ports': [['137', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': ['netbios-ns']}, 'mqtt-tls': {'version': '', 'short': 'mqtt-tls', 'description': 'The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol uses TLS encryption.', 'ports': [['8883', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'bgp': {'version': '', 'short': 'BGP service listen', 'description': 'Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet', 'ports': [['179', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'wsman': {'version': '', 'short': 'wsman', 'description': 'Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol is unencrypted', 'ports': [['5985', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'foreman': {'version': '', 'short': 'foreman', 'description': 'Foreman is a complete lifecycle management tool for physical and virtual servers.', 'ports': [['68', 'udp'], ['8140', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['dns', 'http', 'https', 'dhcp', 'tftp'], 'helpers': []}, 'llmnr-tcp': {'version': '', 'short': 'LLMNR (TCP)', 'description': ' Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service matches incoming queries; it will allow this host to be resolved by other hosts. ', 'ports': [['5355', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'afp': {'version': '', 'short': 'AFP', 'description': 'The Apple Filing Protocol (AFP), formerly AppleTalk Filing Protocol, is a proprietary network protocol, and part of the Apple File Service (AFS), that offers file services for macOS and the classic Mac OS.', 'ports': [['548', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ldaps': {'version': '', 'short': 'LDAPS', 'description': 'Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) server', 'ports': [['636', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'wireguard': {'version': '', 'short': 'WireGuard', 'description': 'WireGuard is the simple, fast and modern VPN. The port needs to be open if a peer has this host explicitly configured as endpoint.', 'ports': [['51820', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'dhcp': {'version': '', 'short': 'DHCP', 'description': 'This allows a DHCP server to accept messages from DHCP clients and relay agents.', 'ports': [['67', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'zabbix-agent': {'version': '', 'short': 'Zabbix Agent', 'description': 'Listen port used by Zabbix agents deployed on monitoring targets.', 'ports': [['10050', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'managesieve': {'version': '', 'short': 'ManageSieve', 'description': 'The ManageSieve Protocol allows a local client to manage eMail sieve scripts on a remote server. If you plan to provide a ManageSieve service (e.g. with dovecot pigeonhole), enable this option.', 'ports': [['4190', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'checkmk-agent': {'version': '', 'short': 'checkmk agent', 'description': 'The checkmk monitoring agent runs on clients to provide detailed host state.', 'ports': [['6556', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'pulseaudio': {'version': '', 'short': 'PulseAudio', 'description': 'A PulseAudio server provides an ability to stream audio over network. You want to enable this service in case you are using module-native-protocol-tcp in the PulseAudio configuration. If you are using module-zeroconf-publish you want also enable mdns service.', 'ports': [['4713', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ptp': {'version': '', 'short': 'Precision Time Protocol (PTP) Master', 'description': 'The Precision Time Protocol (PTP) allows to synchronize computers to a time master. Enable this option, if you are providing a PTP master. You need the linuxptp package installed for this option to be useful.', 'ports': [['319', 'udp'], ['320', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'proxy-dhcp': {'version': '', 'short': 'Proxy DHCP', 'description': 'PXE redirection service (Proxy DHCP) responds to PXE clients and provides redirection to PXE boot servers.', 'ports': [['4011', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'xdmcp': {'version': '', 'short': 'XDMCP', 'description': 'The X Display Manager Control Protocol (XDMCP) allows to remotely log in to an X desktop environment from any X Window System compatible client.', 'ports': [['177', 'tcp'], ['177', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'smtp': {'version': '', 'short': 'Mail (SMTP)', 'description': "This option allows incoming SMTP mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.", 'ports': [['25', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'steam-streaming': {'version': '', 'short': 'Steam In-Home Streaming', 'description': "Steam in-home streaming allows you to play a game on one computer when the game process is actually running on another computer elsewhere in your home. Through Steam, game audio and video is captured on the remote computer and sent to the player's computer. The game input (keyboard, mouse or gamepad) is sent from the player's computer to the game process on the remote computer.", 'ports': [['27036', 'tcp'], ['27037', 'tcp'], ['27031-27036', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'xmpp-bosh': {'version': '', 'short': 'XMPP (Jabber) web client', 'description': 'Extensible Messaging and Presence Protocol (XMPP) web client protocol allows web based chat clients such as JWChat to connect to the XMPP (Jabber) server. This is also known as the Bidirectional-streams Over Synchronous HTTP (BOSH) protocol. Enable this if you run an XMPP (Jabber) server and you wish web clients to connect to your server.', 'ports': [['5280', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'nfs3': {'version': '', 'short': 'NFS3', 'description': 'The NFS3 protocol is used to share files. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.', 'ports': [['2049', 'tcp'], ['2049', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'xmpp-local': {'version': '', 'short': 'XMPP Link-Local Messaging', 'description': 'Serverless XMPP-like communication over local networks based on zero-configuration networking.', 'ports': [['5298', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'rpc-bind': {'version': '', 'short': 'rpc-bind', 'description': 'Remote Procedure Call Bind', 'ports': [['111', 'tcp'], ['111', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'grafana': {'version': '', 'short': 'grafana', 'description': 'Grafana is an open platform for beautiful analytics and monitoring', 'ports': [['3000', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ceph-mon': {'version': '', 'short': 'ceph-mon', 'description': "Ceph is a distributed object store and file system. Enable this option to support Ceph's Monitor Daemon.", 'ports': [['3300', 'tcp'], ['6789', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'llmnr-client': {'version': '', 'short': 'LLMNR Client', 'description': ' Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service allows incoming LLMNR responses. Due to protocol details the service matches by source port and thus allows unsolicited responses. ', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [['5355', 'udp']], 'includes': [], 'helpers': []}, 'high-availability': {'version': '', 'short': 'Red Hat High Availability', 'description': 'This allows you to use the Red Hat High Availability (previously named Red Hat Cluster Suite). Ports are opened for corosync, pcsd, pacemaker_remote, dlm and corosync-qnetd.', 'ports': [['2224', 'tcp'], ['3121', 'tcp'], ['5403', 'tcp'], ['5404', 'udp'], ['5405-5412', 'udp'], ['9929', 'tcp'], ['9929', 'udp'], ['21064', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kube-control-plane': {'version': '', 'short': 'Kubernetes Control-plane Node', 'description': 'The Kubernetes Control-plane Node runs all the services of the Kubernetes Control Plane. This includes kube-apiserver, etcd, kube-schedule, kube-controller-manager, cloud-controller-manager, and others', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['etcd-client', 'etcd-server', 'kube-apiserver', 'kube-controller-manager', 'kube-scheduler'], 'helpers': []}, 'snmptrap': {'version': '', 'short': 'SNMPTRAP', 'description': 'SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message.', 'ports': [['162', 'tcp'], ['162', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'zabbix-java-gateway': {'version': '', 'short': 'Zabbix Java Gateway', 'description': 'Listen port for Zabbix Java Gateway for monitoring Java applications over JMX.', 'ports': [['10052', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'sane': {'version': '', 'short': 'SANE network daemon (saned)', 'description': 'The SANE (Scanner Access Now Easy) daemon allows remote clients to access image acquisition devices available on the local host.', 'ports': [['6566', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': ['sane']}, 'pop3s': {'version': '', 'short': 'POP-3 over SSL', 'description': 'The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot).', 'ports': [['995', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'zerotier': {'version': '', 'short': 'ZeroTier', 'description': 'ZeroTier creates secure networks between on-premise, cloud, desktop, and mobile devices.', 'ports': [['9993', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'libvirt-tls': {'version': '', 'short': 'Virtual Machine Management (TLS)', 'description': 'Enable this option if you want to allow remote virtual machine management with TLS encryption, x509 certificates and optional SASL authentication. The libvirtd service is needed for this option to be useful.', 'ports': [['16514', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'zabbix-server': {'version': '', 'short': 'Zabbix Server', 'description': 'This is an alias for zabbix-trapper. This definition is deprecated in favor of zabbix-trapper.', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['zabbix-trapper'], 'helpers': []}, 'libvirt': {'version': '', 'short': 'Virtual Machine Management', 'description': 'Enable this option if you want to allow remote virtual machine management with SASL authentication and encryption (digest-md5 passwords or GSSAPI/Kerberos). The libvirtd service is needed for this option to be useful.', 'ports': [['16509', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'mssql': {'version': '', 'short': 'mssql', 'description': 'Microsoft SQL Server', 'ports': [['1433', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'mountd': {'version': '', 'short': 'mountd', 'description': 'NFS Mount Lock Daemon', 'ports': [['20048', 'tcp'], ['20048', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'sip': {'version': '', 'short': 'SIP', 'description': 'The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling multimedia communication sessions. The most common applications of SIP are in Internet telephony for voice and video calls, as well as instant messaging, over Internet Protocol (IP) networks.', 'ports': [['5060', 'tcp'], ['5060', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': ['sip']}, 'pmwebapi': {'version': '', 'short': 'Performance metrics web API (pmwebapi)', 'description': 'This option allows web clients to use PCP (Performance Co-Pilot) monitoring services. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful.', 'ports': [['44323', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'imaps': {'version': '', 'short': 'IMAP over SSL', 'description': 'The Internet Message Access Protocol over SSL (IMAPs) allows a local client to access email on a remote server in a secure way. If you plan to provide a IMAP over SSL service (e.g. with dovecot), enable this option.', 'ports': [['993', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'puppetmaster': {'version': '', 'short': 'Puppet Master', 'description': 'Puppet is a network tool for managing many disparate systems. Puppet Master is a server which Puppet Agents pull their configurations from.', 'ports': [['8140', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'gre': {'version': '', 'short': '', 'description': '', 'ports': [], 'modules': [], 'destination': {}, 'protocols': ['gre'], 'source_ports': [], 'includes': [], 'helpers': ['proto-gre']}, 'nmea-0183': {'version': '', 'short': 'nmea-0183', 'description': 'NMEA-0183 Navigational Data server for use with Global Navigation Satellite System (GNSS) devices.', 'ports': [['10110', 'tcp'], ['10110', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ipfs': {'version': '', 'short': 'IPFS', 'description': 'The InterPlanetary File System (IPFS) is a peer-to-peer hypermedia protocol designed to make the web faster, safer, and more open', 'ports': [['4001', 'tcp'], ['4001', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ipp': {'version': '', 'short': 'Network Printing Server (IPP)', 'description': 'The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over tcp) provides the ability to share printers over the network. Enable this option if you plan to share printers via cups over the network.', 'ports': [['631', 'tcp'], ['631', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kubelet': {'version': '', 'short': 'Kubernetes Kubelet', 'description': 'The kubelet API is used to communicate between kube-scheduler and the node.', 'ports': [['10250', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'upnp-client': {'version': '', 'short': 'UPnP Client', 'description': 'Universal Plug and Play client for auto-configuration of network routers (use only in trusted zones).', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [['1900', 'udp']], 'includes': [], 'helpers': []}, 'openvpn': {'version': '', 'short': 'OpenVPN', 'description': 'OpenVPN is a virtual private network (VPN) solution. It is used to create encrypted point-to-point tunnels between computers. If you plan to provide a VPN service, enable this option.', 'ports': [['1194', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'galera': {'version': '', 'short': 'Galera', 'description': 'MariaDB-Galera Database Server', 'ports': [['3306', 'tcp'], ['4567', 'tcp'], ['4568', 'tcp'], ['4444', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'dns': {'version': '', 'short': 'DNS', 'description': 'The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind).', 'ports': [['53', 'tcp'], ['53', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'svn': {'version': '', 'short': 'Subversion', 'description': 'The custom, unencrypted protocol used the Subversion Version Control System.', 'ports': [['3690', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'opentelemetry': {'version': '', 'short': 'OTLP', 'description': 'OpenTelemetry Protocol (OTLP) specification describes the encoding, transport, and delivery mechanism of telemetry data between telemetry sources, intermediate nodes such as collectors and telemetry backends.', 'ports': [['4317', 'tcp'], ['4318', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'etcd-server': {'version': '', 'short': 'etcd Server', 'description': 'etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the server side port.', 'ports': [['2380', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'syslog-tls': {'version': '', 'short': 'syslog-tls', 'description': 'Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server. Syslog-tls uses TLS encryption to protect the messages during transport.', 'ports': [['6514', 'tcp'], ['6514', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ldap': {'version': '', 'short': 'LDAP', 'description': 'Lightweight Directory Access Protocol (LDAP) server', 'ports': [['389', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'samba-client': {'version': '', 'short': 'Samba Client', 'description': 'This option allows you to access Windows file and printer sharing networks. You need the samba-client package installed for this option to be useful.', 'ports': [['138', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['netbios-ns'], 'helpers': []}, 'nrpe': {'version': '', 'short': 'NRPE', 'description': 'NRPE allows you to execute Nagios plugins on a remote host in as transparent a manner as possible.', 'ports': [['5666', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ms-wbt': {'version': '', 'short': 'ms-wbt', 'description': 'Microsoft Windows-based Terminal Server', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['rdp'], 'helpers': []}, 'bitcoin': {'version': '', 'short': 'Bitcoin', 'description': 'The default port used by Bitcoin. Enable this option if you plan to be a full Bitcoin node.', 'ports': [['8333', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'tftp': {'version': '', 'short': 'TFTP', 'description': 'The Trivial File Transfer Protocol (TFTP) is a protocol used to transfer files to and from a remote machine in a simple way. It is normally used only for booting diskless workstations and also to transfer data in the Preboot eXecution Environment (PXE).', 'ports': [['69', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': ['tftp']}, 'mosh': {'version': '', 'short': 'Mobile shell that supports roaming and intelligent local echo.', 'description': 'Mosh is a remote terminal application that supports intermittent network connectivity, roaming to different IP address without dropping the connection, intelligent local echo and line editing to reduct the effects of "network lag" on high-latency connections.', 'ports': [['60000-61000', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'synergy': {'version': '', 'short': 'Synergy', 'description': 'Synergy lets you easily share your mouse and keyboard between multiple computers, where each computer has its own display. No special hardware is required, all you need is a local area network. Synergy is supported on Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen.', 'ports': [['24800', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'freeipa-replication': {'version': '', 'short': 'FreeIPA replication (deprecated)', 'description': 'This service is deprecated. Please use freeipa-4 service instead.', 'ports': [['7389', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'bitcoin-testnet-rpc': {'version': '', 'short': 'Bitcoin testnet RPC', 'description': 'Enable this option if you need access to the Bitcoin RPC interface running on the testnet. This is not required when connecting on localhost.', 'ports': [['18332', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'rtsp': {'version': '', 'short': 'RTSP', 'description': 'The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers.', 'ports': [['554', 'tcp'], ['554', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kube-nodeport-services': {'version': '', 'short': 'Kubernetes Kubelet', 'description': 'Services of type NodePort expose a port on each worker', 'ports': [['30000-32767', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'syncthing-relay': {'version': '', 'short': 'Syncthing Relay', 'description': 'Syncthing is a peer-to-peer file synchronization service. Only enable this option if you run a Syncthing relay server. This separate program (syncthing-relaysrv or relaysrv) is not needed for normal Syncthing usage.', 'ports': [['22067', 'tcp'], ['22070', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'alvr': {'version': '', 'short': 'Stream VR games from your PC to your headset via Wi-Fi', 'description': 'ALVR is an open source remote VR display which allows playing SteamVR games on a standalone headset such as Gear VR or Oculus Go/Quest.', 'ports': [['9943-9944', 'tcp'], ['9943-9944', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'docker-swarm': {'version': '', 'short': 'Docker integrated swarm mode', 'description': 'Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.', 'ports': [['2377', 'tcp'], ['7946', 'tcp'], ['7946', 'udp'], ['4789', 'udp']], 'modules': [], 'destination': {}, 'protocols': ['esp'], 'source_ports': [], 'includes': [], 'helpers': []}, 'kube-api': {'version': '', 'short': 'Kubernetes Kubelet', 'description': 'Backwards compatibility after service renaming', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['kubelet'], 'helpers': []}, 'postgresql': {'version': '', 'short': 'PostgreSQL', 'description': 'PostgreSQL Database Server', 'ports': [['5432', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'freeipa-trust': {'version': '', 'short': 'FreeIPA trust setup', 'description': 'FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option of you plan to deploy cross-forest trusts with FreeIPA and Active Directory', 'ports': [['135', 'tcp'], ['138-139', 'tcp'], ['138-139', 'udp'], ['389', 'tcp'], ['389', 'udp'], ['445', 'tcp'], ['445', 'udp'], ['49152-65535', 'tcp'], ['3268', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'bacula': {'version': '', 'short': 'Bacula', 'description': 'Bacula is a network backup solution. Enable this option, if you plan to provide Bacula backup, file and storage services.', 'ports': [['9101', 'tcp'], ['9102', 'tcp'], ['9103', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kube-control-plane-secure': {'version': '', 'short': 'Kubernetes Control-plane Node - secure', 'description': 'The Kubernetes Control-plane Node runs all the services of the Kubernetes Control Plane. This includes kube-apiserver, etcd, kube-schedule, kube-controller-manager, cloud-controller-manager, and others', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['etcd-client', 'etcd-server', 'kube-apiserver', 'kube-controller-manager-secure', 'kube-scheduler-secure'], 'helpers': []}, 'tile38': {'version': '', 'short': 'tile38', 'description': 'Tile38 is a geospatial database, spatial index, and realtime geofence.', 'ports': [['9851', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'anno-1800': {'version': '', 'short': 'Anno 1800', 'description': ' Anno 1800 - Lead the Industrial Revolution! Welcome to the dawn of the Industrial Age. The path you choose will define your world. Are you an innovator or an exploiter? A conqueror or a liberator? How the world remembers your name is up to you. ', 'ports': [['18000', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'zabbix-trapper': {'version': '', 'short': 'Zabbix Trapper', 'description': 'Trapper port to receive monitoring data used by the Zabbix server and Zabbix proxy.', 'ports': [['10051', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'prometheus-node-exporter': {'version': '', 'short': 'prometheus-node-exporter', 'description': 'The node-exporter agent for Prometheus monitoring system.', 'ports': [['9100', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'rsyncd': {'version': '', 'short': 'Rsync in daemon mode', 'description': 'Rsync in daemon mode works as a central server, in order to house centralized files and keep them synchronized.', 'ports': [['873', 'tcp'], ['873', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'quassel': {'version': '', 'short': 'Quassel IRC', 'description': 'Quassel is a distributed IRC client, meaning that one or more clients can attach to and detach from the central core.', 'ports': [['4242', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'syscomlan': {'version': '', 'short': 'syscomlan', 'description': 'Local system communication', 'ports': [['1065', 'tcp'], ['1065', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ws-discovery-udp': {'version': '', 'short': 'WS-Discovery (UDP)', 'description': 'Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network.', 'ports': [['3702', 'udp']], 'modules': [], 'destination': {'ipv4': '239.255.255.250', 'ipv6': 'ff02::c'}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'klogin': {'version': '', 'short': 'klogin', 'description': 'The kerberized rlogin server accepts BSD-style rlogin sessions, but uses Kerberos 5 authentication.', 'ports': [['543', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'syslog': {'version': '', 'short': 'syslog', 'description': 'Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server.', 'ports': [['514', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'bitcoin-testnet': {'version': '', 'short': 'Bitcoin testnet', 'description': 'The default port used by Bitcoin testnet. Enable this option if you plan to be a Bitcoin full node on the test network.', 'ports': [['18333', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'dhcpv6': {'version': '', 'short': 'DHCPv6', 'description': 'This allows a DHCPv6 server to accept messages from DHCPv6 clients and relay agents.', 'ports': [['547', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'warpinator': {'version': '', 'short': 'Warpinator', 'description': 'Warpinator is a file sharing app developed by Linux Mint. Warpinator allows you to send and receive files between computers that are on the same network without the need for any servers or special configuration.', 'ports': [['42000', 'tcp'], ['42000', 'udp'], ['42001', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'squid': {'version': '', 'short': 'squid', 'description': 'Squid HTTP proxy server', 'ports': [['3128', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'samba-dc': {'version': '', 'short': 'Samba DC', 'description': 'This option allows you to use this computer as a Samba Active Directory Domain Controller. You need the samba-dc package installed for this option to be useful.', 'ports': [['135', 'tcp'], ['389', 'udp'], ['49152-65535', 'tcp'], ['3268', 'tcp'], ['3269', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['samba', 'dns', 'kerberos', 'ldap', 'ldaps', 'kpasswd'], 'helpers': []}, 'vdsm': {'version': '', 'short': "oVirt's Virtual Desktop and Server Manager", 'description': "The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.", 'ports': [['54321', 'tcp'], ['5900-6923', 'tcp'], ['49152-49216', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'civilization-v': {'version': '', 'short': "Sid Meier's Civilization V", 'description': ' Become Ruler of the World by establishing and leading a civilization from the dawn of man into the space age: Wage war, conduct diplomacy, discover new technologies, go head-to-head with some of history’s greatest leaders and build the most powerful empire the world has ever known. ', 'ports': [['1745', 'tcp'], ['1795', 'tcp'], ['3074', 'tcp'], ['27015-27030', 'tcp'], ['27036-27037', 'tcp'], ['1745', 'udp'], ['1795', 'udp'], ['3064', 'udp'], ['3074', 'udp'], ['4380', 'udp'], ['27000-27031', 'udp'], ['27036', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'statsrv': {'version': '', 'short': 'Statistics Server', 'description': ' Statistics Server protocol provides a way to give statistics about a system to the outside world. Defined in RFC-996', 'ports': [['133', 'tcp'], ['133', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ceph': {'version': '', 'short': 'ceph', 'description': "Ceph is a distributed object store and file system. Enable this option to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS), or Manager Daemons (MGR).", 'ports': [['6800-7568', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'iscsi-target': {'version': '', 'short': 'iSCSI target', 'description': 'Internet SCSI target is a storage resource located on an iSCSI server.', 'ports': [['3260', 'tcp'], ['3260', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'radius': {'version': '', 'short': 'RADIUS', 'description': 'The Remote Authentication Dial In User Service (RADIUS) is a protocol for user authentication over networks. It is mostly used for modem, DSL or wireless user authentication. If you plan to provide a RADIUS service (e.g. with freeradius), enable this option.', 'ports': [['1812', 'tcp'], ['1812', 'udp'], ['1813', 'tcp'], ['1813', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'tinc': {'version': '', 'short': 'tinc VPN', 'description': 'tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.', 'ports': [['655', 'tcp'], ['655', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'rdp': {'version': '', 'short': 'rdp', 'description': "Microsoft's Remote Desktop Protocol", 'ports': [['3389', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'anno-1602': {'version': '', 'short': 'Anno 1602', 'description': ' Anno 1602 is a construction and management video game. Set in the early modern period, it requires the player to build colonies on small islands and manage resources, exploration, diplomacy and trade. ', 'ports': [['47624', 'tcp'], ['2300-2400', 'tcp'], ['2300-2400', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ganglia-master': {'version': '', 'short': 'ganglia-master', 'description': 'Ganglia collector', 'ports': [['8651', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'vnc-server': {'version': '', 'short': 'Virtual Network Computing Server (VNC)', 'description': 'A VNC server provides an external accessible X session. Enable this option if you plan to provide a VNC server with direct access. The access will be possible for displays :0 to :3. If you plan to provide access with SSH, do not open this option and use the via option of the VNC viewer.', 'ports': [['5900-5903', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'collectd': {'version': '', 'short': 'Collectd', 'description': 'Collectd is a monitoring system that allows metrics to be sent over the network. This rule allows incoming collectd traffic from remote boxes.', 'ports': [['25826', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'RH-Satellite-6': {'version': '', 'short': 'Red Hat Satellite 6', 'description': 'Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.', 'ports': [['5000', 'tcp'], ['5646-5647', 'tcp'], ['5671', 'tcp'], ['8000', 'tcp'], ['8080', 'tcp'], ['9090', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['foreman'], 'helpers': []}, 'kube-worker': {'version': '', 'short': 'Kubernetes Worker Node', 'description': 'The Kubernetes Worker Node runs some (or sometimes all) of the workloads of the Kubernetes cluster. There might be NodoPort services associated with these workloads.', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['kubelet', 'kube-nodeport-services'], 'helpers': []}, 'nfs': {'version': '', 'short': 'NFS4', 'description': 'The NFS4 protocol is used to share files via TCP networking. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.', 'ports': [['2049', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'syncthing-gui': {'version': '', 'short': 'Syncthing GUI', 'description': 'Enable this option in addition to the Syncthing option to allow traffic to the Syncthing web interface. (Be sure to secure it accordingly).', 'ports': [['8384', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'imap': {'version': '', 'short': 'IMAP', 'description': 'The Internet Message Access Protocol(IMAP) allows a local client to access email on a remote server. If you plan to provide a IMAP service (e.g. with dovecot), enable this option.', 'ports': [['143', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'llmnr': {'version': '', 'short': 'LLMNR', 'description': ' Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service matches incoming queries; it will allow this host to be resolved by other hosts. In order to allow this host to resolve other hosts, use the llmnr-client service. ', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['llmnr-tcp', 'llmnr-udp'], 'helpers': []}, 'distcc': {'version': '', 'short': 'distcc', 'description': 'Distcc is a protocol used for distributed compilation.', 'ports': [['3632', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'lightning-network': {'version': '', 'short': 'Lightning Network', 'description': 'The default port used by Lightning Network. Enable this option if you plan to be a Lightning Network node.', 'ports': [['9735', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'vrrp': {'version': '', 'short': 'Virtual Router Redundancy Protocol RFC3768 and RFC5798.', 'description': 'VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN.', 'ports': [], 'modules': [], 'destination': {'ipv4': '224.0.0.18', 'ipv6': 'FF02:0:0:0:0:0:0:12'}, 'protocols': ['112'], 'source_ports': [], 'includes': [], 'helpers': []}, 'civilization-iv': {'version': '', 'short': "Sid Meier's Civilization IV", 'description': ' Civilization IV is a 4X turn-based strategy computer game and the fourth installment of the Civilization series. ', 'ports': [['2033', 'tcp'], ['2056', 'tcp'], ['3783', 'tcp'], ['6500', 'tcp'], ['6667', 'tcp'], ['28900', 'tcp'], ['29900-29901', 'tcp'], ['2033', 'udp'], ['2302-2400', 'udp'], ['6500', 'udp'], ['6515', 'udp'], ['13139', 'udp'], ['27900', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'matrix': {'version': '', 'short': 'Matrix', 'description': "Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Port 443 is the 'client' port, whereas port 8448 is the Federation port. Federation is the process by which users on different servers can participate in the same room.", 'ports': [['8448', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['https'], 'helpers': []}, 'wbem-https': {'version': '', 'short': 'wbem-https', 'description': 'Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments', 'ports': [['5989', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'transmission-client': {'version': '', 'short': 'Transmission', 'description': 'Transmission is a lightweight BitTorrent client.', 'ports': [['51413', 'tcp'], ['51413', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'pmcd': {'version': '', 'short': 'Performance metrics collector (pmcd)', 'description': 'This option allows PCP (Performance Co-Pilot) monitoring. If you need to allow remote hosts to connect directly to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful.', 'ports': [['44321', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kibana': {'version': '', 'short': 'Kibana', 'description': 'Kibana is an open source data visualization platform that allows you to interact with your data through stunning, powerful graphics that can be combined into custom dashboards that help you share insights from your data far and wide.', 'ports': [['5601', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ssh': {'version': '', 'short': 'SSH', 'description': 'Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.', 'ports': [['22', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'smtps': {'version': '', 'short': 'Mail (SMTP over SSL)', 'description': "This option allows incoming SMTPs mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail in a secure way, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.", 'ports': [['465', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ntp': {'version': '', 'short': 'Network Time Protocol (NTP) Server', 'description': 'The Network Time Protocol (NTP) allows to synchronize computers to a time server. Enable this option, if you are providing a NTP server. You need the ntp or chrony package installed for this option to be useful.', 'ports': [['123', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ws-discovery-client': {'version': '', 'short': 'WS-Discovery Client', 'description': 'Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network. Use only in trusted zones.', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [['3702', 'udp']], 'includes': [], 'helpers': []}, 'snmptls-trap': {'version': '', 'short': 'Secure SNMPTRAP (TLS)', 'description': 'Secure SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message. This port is protected by TLS.', 'ports': [['10162', 'tcp'], ['10162', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'slp': {'version': '', 'short': 'SLP', 'description': 'The Service Location Protocol (SLP) is used for discovering services in a local network without prior configuration.', 'ports': [['427', 'tcp'], ['427', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'nut': {'version': '', 'short': 'NUT', 'description': 'Network UPS Tools (NUT) is a protocol that allows to monitor and control power devices like uninterruptible power supplies.', 'ports': [['3493', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'murmur': {'version': '', 'short': 'Murmur', 'description': 'Murmur is the server of the Mumble VoIP chat system.', 'ports': [['64738', 'tcp'], ['64738', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'cratedb': {'version': '', 'short': 'CrateDB', 'description': 'CrateDB is a distributed SQL database management system that integrates a fully searchable document oriented data store.', 'ports': [['4200', 'tcp'], ['4300', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['postgresql'], 'helpers': []}, 'spotify-sync': {'version': '', 'short': 'Spotify Client Sync', 'description': 'The Spotify Client allows you to sync local music files with your phone.', 'ports': [['57621', 'udp'], ['57621', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'amqps': {'version': '', 'short': 'amqps', 'description': 'The Advanced Message Queuing Protocol (AMQP) over SSL is an open standard application layer protocol for message-oriented middleware.', 'ports': [['5671', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'plex': {'version': '', 'short': 'PLEX', 'description': 'Plex Media Server (PMS) is the back-end media server component of Plex. It organizes content from personal media libraries and streams it to the network.', 'ports': [['32400', 'tcp'], ['32400', 'udp'], ['32469', 'tcp'], ['3005', 'tcp'], ['8324', 'tcp'], ['32410', 'udp'], ['32412', 'udp'], ['32413', 'udp'], ['32414', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['ssdp'], 'helpers': []}, 'telnet': {'version': '', 'short': 'Telnet', 'description': 'Telnet is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling telnet is not recommended. You need the telnet-server package installed for this option to be useful.', 'ports': [['23', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'rsh': {'version': '', 'short': 'rsh', 'description': 'Rsh is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling rsh is not recommended.', 'ports': [['514', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'wbem-http': {'version': '', 'short': 'wbem-http', 'description': 'Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments. This is the unencrypted protocol variant.', 'ports': [['5988', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'amqp': {'version': '', 'short': 'amqp', 'description': 'The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware.', 'ports': [['5672', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kubelet-readonly': {'version': '', 'short': 'Kubernetes Kubelet read', 'description': 'The kubelet API is used to communicate between kube-scheduler and the node.', 'ports': [['10255', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'mysql': {'version': '', 'short': 'MySQL', 'description': 'MySQL Database Server', 'ports': [['3306', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'http': {'version': '', 'short': 'WWW (HTTP)', 'description': 'HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.', 'ports': [['80', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'llmnr-udp': {'version': '', 'short': 'LLMNR (UDP)', 'description': ' Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service matches incoming queries; it will allow this host to be resolved by other hosts. ', 'ports': [['5355', 'udp']], 'modules': [], 'destination': {'ipv4': '224.0.0.252', 'ipv6': 'ff02::1:3'}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'mdns': {'version': '', 'short': 'Multicast DNS (mDNS)', 'description': 'mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option.', 'ports': [['5353', 'udp']], 'modules': [], 'destination': {'ipv4': '224.0.0.251', 'ipv6': 'ff02::fb'}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'apcupsd': {'version': '', 'short': 'apcupsd', 'description': 'The American Power Conversion (APC) uninterruptible power supply (UPS) daemon protocol allows to monitor and control APC UPS devices.', 'ports': [['3551', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kpasswd': {'version': '', 'short': 'Kpasswd', 'description': 'Kerberos password (Kpasswd) server', 'ports': [['464', 'tcp'], ['464', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'http3': {'version': '', 'short': 'WWW (HTTP/3)', 'description': 'HTTP/3 is a protocol used to serve Web pages that uses QUIC as the transport protocol. If you plan to make your HTTP/3 compatible Web server publicly available, enable this option.', 'ports': [['443', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'settlers-history-collection': {'version': '', 'short': 'The Settlers History Collection', 'description': 'The Settlers History Collection includes History Editions of all seven previous Settlers games, which includes gold versions of each game with all expansions.', 'ports': [['1005', 'udp'], ['1100', 'udp'], ['3074', 'udp'], ['6200', 'udp'], ['6300', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'bareos-director': {'version': '', 'short': 'Bareos Director Daemon (bareos-dir)', 'description': 'This option allows connections to a local Bareos Director. These connections are typically initiated by Bareos consoles (bconsole). Bareos WebUI and Bareos File Daemon (when using Client Initiated Connections).', 'ports': [['9101', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'amanda-k5-client': {'version': '', 'short': 'Amanda Backup Client (kerberized)', 'description': 'The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful. This service specifically allows krb5 authentication', 'ports': [['10082', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': ['amanda']}, 'elasticsearch': {'version': '', 'short': 'Elasticsearch', 'description': 'Elasticsearch is a distributed, open source search and analytics engine, designed for horizontal scalability, reliability, and easy management.', 'ports': [['9300', 'tcp'], ['9200', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ctdb': {'version': '', 'short': 'CTDB', 'description': 'CTDB is a cluster implementation of the TDB database used by Samba and other projects to store temporary data.', 'ports': [['4379', 'tcp'], ['4379', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'syncthing': {'version': '', 'short': 'Syncthing', 'description': 'Syncthing is a peer-to-peer file synchronization service. Enable this option, if you plan to run the Syncthing service.', 'ports': [['22000', 'tcp'], ['22000', 'udp'], ['21027', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ovirt-imageio': {'version': '', 'short': 'oVirt Image I/O', 'description': 'oVirt Image I/O simplifies the workflow of introducing new oVirt images into the oVirt environment.', 'ports': [['54322', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'mongodb': {'version': '', 'short': 'mongodb', 'description': 'MongoDB is a free and open-source cross-platform document-oriented database program.', 'ports': [['27017', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'isns': {'version': '', 'short': 'iSNS', 'description': 'The Internet Storage Name Service (iSNS) is a protocol that allows automated discovery, management and configuration of iSCSI and Fibre Channel devices on a TCP/IP network.', 'ports': [['3205', 'tcp'], ['3205', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'rquotad': {'version': '', 'short': 'rquotad', 'description': 'Remote Quota Server Daemon', 'ports': [['875', 'tcp'], ['875', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'amanda-client': {'version': '', 'short': 'Amanda Backup Client', 'description': 'The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful.', 'ports': [['10080', 'udp'], ['10080', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': ['amanda']}, 'redis-sentinel': {'version': '', 'short': 'redis-sentinel', 'description': 'Redis Sentinel provides high availability for Redis.', 'ports': [['26379', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kube-apiserver': {'version': '', 'short': 'Kubernetes Api Server', 'description': 'The Kubernetes API server validates and configures data for the api objects which include pods, services, replicationcontrollers, and others.', 'ports': [['6443', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'stellaris': {'version': '', 'short': 'Stellaris', 'description': ' Explore a galaxy full of wonders in this sci-fi grand strategy game from Paradox Development Studios. Interact with diverse alien races, discover strange new worlds with unexpected events and expand the reach of your empire. Each new adventure holds almost limitless possibilities. ', 'ports': [['17780-17785', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ps3netsrv': {'version': '', 'short': 'ps3netsrv', 'description': 'PS3 Network Server', 'ports': [['38008', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kerberos': {'version': '', 'short': 'Kerberos', 'description': 'Kerberos network authentication protocol server', 'ports': [['88', 'tcp'], ['88', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'nebula': {'version': '', 'short': 'Nebula', 'description': 'Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. The port needs to be open if the host is set as lighthouse.', 'ports': [['4242', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'bareos-storage': {'version': '', 'short': 'Bareos Storage Daemon (bareos-sd)', 'description': 'This option allows Bareos Director and File Daemons to connect to the local Bareos Storage Daemon to send/receive data and manage volumes.', 'ports': [['9103', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'etcd-client': {'version': '', 'short': 'etcd Client', 'description': 'etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the client side port.', 'ports': [['2379', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'freeipa-ldaps': {'version': '', 'short': 'FreeIPA with LDAPS (deprecated)', 'description': 'This service is deprecated. Please use freeipa-4 service instead.', 'ports': [['80', 'tcp'], ['443', 'tcp'], ['88', 'tcp'], ['88', 'udp'], ['464', 'tcp'], ['464', 'udp'], ['123', 'udp'], ['636', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'tentacle': {'version': '', 'short': 'tentacle', 'description': 'Tentacle is a protocol for monitoring computer networks. Pandora FMS is one server implementation.', 'ports': [['41121', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'condor-collector': {'version': '', 'short': 'HT Condor Collector', 'description': 'The HT Condor Collector is needed to organize the condor worker nodes.', 'ports': [['9618', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'pop3': {'version': '', 'short': 'POP-3', 'description': 'The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot).', 'ports': [['110', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kube-scheduler': {'version': '', 'short': 'Kubernetes Scheduler', 'description': 'The Kubernetes scheduler is a policy-rich, topology-aware, workload-specific function that significantly impacts availability, performance, and capacity.', 'ports': [['10251', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'snmptls': {'version': '', 'short': 'Secure SNMP (TLS)', 'description': 'Simple Network Management Protocol over TLS/DTLS is an "Internet-standard protocol for managing devices on IP networks" protected by TLS. Enable this service if you run SNMP agent (server).', 'ports': [['10161', 'tcp'], ['10161', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ftp': {'version': '', 'short': 'FTP', 'description': 'FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.', 'ports': [['21', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': ['ftp']}, 'need-for-speed-most-wanted': {'version': '', 'short': 'Need for Speed: Most Wanted', 'description': ' Need for Speed: Most Wanted is a 2005 open-world racing video game, and the ninth installment in the Need for Speed series. ', 'ports': [['13505', 'tcp'], ['30900-30999', 'tcp'], ['3658', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'audit': {'version': '', 'short': 'Audit', 'description': 'The Linux Audit subsystem is used to log security events. Enable this option, if you plan to aggregate audit events to/from a remote server/client.', 'ports': [['60', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'zero-k': {'version': '', 'short': 'Zero-K', 'description': ' With 100+ truly unique units, Zero-K is an RTS of freedom and creativity, tempered by a decade of refinement. Sculpt land into a castle and throw invaders off it with a Jugglenaut. Explore a massive campaign, solo or co-op. Hop online for epic 32 player battles or fast paced 1v1, on 100s of maps. ', 'ports': [['8452', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'freeipa-ldap': {'version': '', 'short': 'FreeIPA with LDAP (deprecated)', 'description': 'This service is deprecated. Please use freeipa-4 service instead.', 'ports': [['80', 'tcp'], ['443', 'tcp'], ['88', 'tcp'], ['88', 'udp'], ['464', 'tcp'], ['464', 'udp'], ['123', 'udp'], ['389', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'gpsd': {'version': '', 'short': 'gpsd', 'description': 'gpsd is a service daemon that monitors one or more GPSes or AIS receivers attached to a host computer through serial or USB ports, making all data on the location/course/velocity of the sensors available to be queried on TCP port 2947 of the host computer.', 'ports': [['2947', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, '0-AD': {'version': '', 'short': '0 A.D.', 'description': " 0 A.D. is a real-time strategy (RTS) game of ancient warfare. It's a historically-based war/economy game that allows players to relive or rewrite the history of thirteen ancient civilizations, each depicted at their peak of economic growth and military prowess. ", 'ports': [['20595', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ceph-exporter': {'version': '', 'short': 'ceph-exporter', 'description': 'The Prometheus module running on Ceph manager to expose metrics.', 'ports': [['9283', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'bacula-client': {'version': '', 'short': 'Bacula Client', 'description': 'This option allows a Bacula server to connect to the local machine to schedule backups. You need the bacula-client package installed for this option to be useful.', 'ports': [['9102', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'snmp': {'version': '', 'short': 'SNMP', 'description': 'Simple Network Management Protocol is an "Internet-standard protocol for managing devices on IP networks". Enable this service if you run SNMP agent (server).', 'ports': [['161', 'tcp'], ['161', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'dds-unicast': {'version': '', 'short': 'OMG DDS', 'description': 'Open Management Group (OMG) Data Distribution Service (DDS) is protocol supporting various applications. It is usally found in control systems. This is the unicast service for domains with ID 0 ito 10 and maximal possible applications (120). Please see https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through for details.', 'ports': [['7402-7649', 'udp'], ['7652-7899', 'udp'], ['7902-8149', 'udp'], ['8152-8339', 'udp'], ['8402-8649', 'udp'], ['8652-8899', 'udp'], ['8902-9149', 'udp'], ['9152-9339', 'udp'], ['9402-9649', 'udp'], ['9652-9899', 'udp'], ['9902-10149', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'minidlna': {'version': '', 'short': 'MiniDLNA', 'description': 'MiniDLNA is a simple media server software with the aim to be fully compliant with DLNA/UPNP-AV clients. Enable this service if you run minidlna service.', 'ports': [['8200', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['ssdp'], 'helpers': []}, 'bittorrent-lsd': {'version': '', 'short': 'BitTorrent Local Peer Discovery (LSD)', 'description': 'Local Peer Discovery is a protocol designed to support the discovery of BitTorrent peers on a local area network. Enable this service if you run a BitTorrent client.', 'ports': [['6771', 'udp']], 'modules': [], 'destination': {'ipv4': '239.192.152.143', 'ipv6': 'ff15::efc0:988f'}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ws-discovery': {'version': '', 'short': 'WS-Discovery', 'description': 'Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network.', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['ws-discovery-tcp', 'ws-discovery-udp'], 'helpers': []}, 'xmpp-server': {'version': '', 'short': 'XMPP (Jabber) server', 'description': 'Extensible Messaging and Presence Protocol (XMPP) server connection protocols allows multiple XMPP (Jabber) servers to work in a federated fashion. Users on one server will be able to see the presence of and communicate with users on another servers. Enable this if you run an XMPP (Jabber) server and you wish users on your server to communicate with users on other XMPP servers.', 'ports': [['5269', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'samba': {'version': '', 'short': 'Samba', 'description': 'This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful.', 'ports': [['139', 'tcp'], ['445', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['samba-client'], 'helpers': []}, 'kube-controller-manager': {'version': '', 'short': 'Kubernetes Controller Manager', 'description': 'The Kubernetes controller manager is a daemon that embeds the core control loops shipped with Kubernetes.', 'ports': [['10252', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'memcache': {'version': '', 'short': 'memcache', 'description': 'memcache is a high-performance object caching system.', 'ports': [['11211', 'tcp'], ['11211', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kshell': {'version': '', 'short': 'kshell', 'description': 'Kerberized rshell server accepts rshell commands authenticated and encrypted with Kerberos 5', 'ports': [['544', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'privoxy': {'version': '', 'short': 'Privoxy - A Privacy Enhancing Proxy Server', 'description': 'Privoxy is a web proxy for enhancing privacy by filtering web page content, managing cookies, controlling access, removing ads, banners, pop-ups and other obnoxious Internet junk. It does not cache web content. Enable this if you run Privoxy and would like to configure your web browser to browse the Internet via Privoxy.', 'ports': [['8118', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'netdata-dashboard': {'version': '', 'short': 'Netdata Dashboard', 'description': 'Netdata dashboard is a place to view the results of the netdata monitoring agent', 'ports': [['19999', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kadmin': {'version': '', 'short': 'kadmin', 'description': 'Kerberos Administration Protocol', 'ports': [['749', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'pmproxy': {'version': '', 'short': 'Performance metrics proxy (pmproxy)', 'description': 'This option allows indirect PCP (Performance Co-Pilot) monitoring via a proxy. If you need to allow remote hosts to connect through your machine to monitor aspects of performance of one or more proxied hosts, enable this option. You need the pcp package installed for this option to be useful.', 'ports': [['44322', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'minecraft': {'version': '', 'short': 'Minecraft', 'description': ' Minecraft is a sandbox game developed by Mojang Studios. ', 'ports': [['25565', 'tcp'], ['25565', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ipp-client': {'version': '', 'short': 'Network Printing Client (IPP)', 'description': 'The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over udp) provides the ability to get information about a printer (e.g. capability and status) and to control printer jobs. If you plan to use a remote network printer via cups, do not disable this option.', 'ports': [['631', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'dds': {'version': '', 'short': 'OMG DDS', 'description': 'Open Management Group (OMG) Data Distribution Service (DDS) is protocol supporting various applications. It is usally found in control systems. This is the unicast and multicast service for domains with ID 0 through 10 and maximal possible applications (120). Please see https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through for details.', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['dds-multicast', 'dds-unicast'], 'helpers': []}, 'smtp-submission': {'version': '', 'short': 'Mail (SMTP-Submission)', 'description': 'This service is deprecated. Please use the "submission" service.', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['submission'], 'helpers': []}, 'mqtt': {'version': '', 'short': 'mqtt', 'description': 'The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol is unencrypted.', 'ports': [['1883', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ovirt-vmconsole': {'version': '', 'short': 'oVirt VM Console', 'description': 'oVirt VM Consoles enables secure access to virtual machine serial console.', 'ports': [['2223', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ganglia-client': {'version': '', 'short': 'ganglia-client', 'description': 'Ganglia monitoring daemon', 'ports': [['8660', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'supertuxkart': {'version': '', 'short': 'SuperTuxKart', 'description': ' SuperTuxKart is a 3D open-source kart racing game. It aims towards fun for players of all skill levels, with item boxes giving random items, nitro, drifting and more. ', 'ports': [['2759', 'tcp'], ['2759', 'udp'], ['2757', 'udp'], ['2757', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'freeipa-4': {'version': '', 'short': 'FreeIPA 4 server', 'description': "FreeIPA is an integrated identity and authentication solution with Kerberos, LDAP, PKI, and web UI. Enable this option if you plan to provide a FreeIPA server. Enable the 'dns' service if this FreeIPA server provides DNS services, 'ntp' service if this FreeIPA server provides NTP services, and 'freeipa-trust' for cross-forest trusts with Active Directory.", 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['http', 'https', 'kerberos', 'kpasswd', 'ldap', 'ldaps'], 'helpers': []}, 'kubelet-worker': {'version': '', 'short': 'Kubernetes Worker Node', 'description': 'Backwards compatibility after service renaming', 'ports': [], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['kube-worker'], 'helpers': []}, 'docker-registry': {'version': '', 'short': 'Docker Registry', 'description': 'Docker Registry is the protocol used to serve Docker images. If you plan to make your Docker Registry server publicly available, enable this option. This option is not required for developing Docker images locally.', 'ports': [['5000', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ircs': {'version': '', 'short': 'IRC TLS/SSL', 'description': 'An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol.', 'ports': [['6697', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'wsmans': {'version': '', 'short': 'wsmans', 'description': 'Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol uses TLS encryption.', 'ports': [['5986', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ps2link': {'version': '', 'short': 'ps2link', 'description': 'ps2link is a protocol used for interacting with a PlayStation 2 system.', 'ports': [['18194', 'udp'], ['18193', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ipsec': {'version': '', 'short': 'IPsec', 'description': 'Internet Protocol Security (IPsec) is the standardized IETF VPN architecture defined in RFC 4301. IPsec is negotiated using the IKEv1 (RFC 2409) or IKEv2 (RFC 7296) protocol, which in itself uses encryption and authentication. IPsec provides Internet Protocol (IP) packet encryption and authentication. Both IKE and IPsec can be encapsulated in UDP (RFC 3948) or TCP (RFC 8229 to make it easier to traverse NAT. Enabling this service will enable IKE, IPsec and their encapsulation protocols and ports. Note that IKE and IPsec can also be configured to use non-default ports, but this is not common practice.', 'ports': [['500', 'udp'], ['4500', 'udp'], ['4500', 'tcp']], 'modules': [], 'destination': {}, 'protocols': ['ah', 'esp'], 'source_ports': [], 'includes': [], 'helpers': []}, 'salt-master': {'version': '', 'short': 'Salt Master', 'description': 'Salt is a protocol used for infrastructure management via a dynamic communication bus. These ports are required on the salt master node.', 'ports': [['4505', 'tcp'], ['4506', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'foreman-proxy': {'version': '', 'short': 'foreman-proxy', 'description': 'The Smart Proxy is a project which provides a restful API to various sub-systems.', 'ports': [['8443', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['foreman'], 'helpers': []}, 'stronghold-crusader': {'version': '', 'short': 'Stronghold Crusader', 'description': ' The highly anticipated sequel to the best-selling Stronghold, Stronghold Crusader (HD) throws you into historic battles and castle sieges from the Crusades with fiendish AI opponents, new units, 4 historical campaigns and over 100 unique skirmish missions. ', 'ports': [['2300-2400', 'tcp'], ['47624', 'tcp'], ['2300-2400', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'cockpit': {'version': '', 'short': 'Cockpit', 'description': 'Cockpit lets you access and configure your server remotely.', 'ports': [['9090', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'prometheus': {'version': '', 'short': 'prometheus', 'description': 'The Prometheus monitoring system and time series database.', 'ports': [['9090', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'terraria': {'version': '', 'short': 'Terraria', 'description': ' Dig, fight, explore, build! Nothing is impossible in this action-packed adventure game. Four Pack also available! ', 'ports': [['7777', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'git': {'version': '', 'short': 'git', 'description': 'The git daemon for supporting git:// access to git repositories.', 'ports': [['9418', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ws-discovery-tcp': {'version': '', 'short': 'WS-Discovery (TCP)', 'description': 'Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network.', 'ports': [['3702', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'spideroak-lansync': {'version': '', 'short': 'SpiderOak ONE LAN-Sync', 'description': 'SpiderOak ONE is online backup and file hosting service that allows users to access, synchronize and share data using a cloud-based server. Enable this option if you use LAN-Sync option of SpiderOak.', 'ports': [['21327', 'udp'], ['21328', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ident': {'version': '', 'short': 'Ident Protocol', 'description': 'The Identification Protocol as specified in RFC 1413, which is used to determine the identity of a user of a particular TCP connection.', 'ports': [['113', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'tor-socks': {'version': '', 'short': 'Tor - SOCKS Proxy', 'description': "Tor enables online anonymity and censorship resistance by directing Internet traffic through a network of relays. It conceals user's location from anyone conducting network surveillance and traffic analysis. A user wishing to use Tor for anonymity can configure a program such as a web browser to direct traffic to a Tor client using its SOCKS proxy port. Enable this if you run Tor and would like to configure your web browser or other programs to channel their traffic through the Tor SOCKS proxy port. It is recommended that you make this service available only for your computer or your internal networks.", 'ports': [['9050', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kprop': {'version': '', 'short': 'kprop', 'description': 'Kerberos KDC Propagation Protocol', 'ports': [['754', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'bareos-filedaemon': {'version': '', 'short': 'Bareos File Daemon (bareos-fd)', 'description': 'This option allows a Bareos Director to connect to the local Bareos File Daemon.', 'ports': [['9102', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kdeconnect': {'version': '', 'short': 'KDE Connect', 'description': 'KDE Connect is an application to connect your phone to your computer.', 'ports': [['1714-1764', 'tcp'], ['1714-1764', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'submission': {'version': '', 'short': 'Mail Submission', 'description': 'Submission allows remote client users to submit mail using SMTP over port 587.', 'ports': [['587', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kube-controller-manager-secure': {'version': '', 'short': 'Kubernetes Controller Manager - Secure', 'description': 'The Kubernetes controller manager is a daemon that embeds the core control loops shipped with Kubernetes.', 'ports': [['10257', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'kube-scheduler-secure': {'version': '', 'short': 'Kubernetes Scheduler - secure', 'description': 'The Kubernetes scheduler is a policy-rich, topology-aware, workload-specific function that significantly impacts availability, performance, and capacity.', 'ports': [['10259', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'https': {'version': '', 'short': 'Secure WWW (HTTPS)', 'description': 'HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.', 'ports': [['443', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ssdp': {'version': '', 'short': 'Simple Service Discovery Protocol (SSDP)', 'description': 'The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet protocol suite for advertisement and discovery of network services and presence information.', 'ports': [['1900', 'udp']], 'modules': [], 'destination': {'ipv4': '239.255.255.250', 'ipv6': 'ff02::c'}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'redis': {'version': '', 'short': 'redis', 'description': 'Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.', 'ports': [['6379', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'factorio': {'version': '', 'short': 'Factorio', 'description': " Factorio is a game about building and creating automated factories to produce items of increasing complexity, within an infinite 2D world. Use your imagination to design your factory, combine simple elements into ingenious structures, and finally protect it from the creatures who don't really like you. ", 'ports': [['34197', 'udp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'dhcpv6-client': {'version': '', 'short': 'DHCPv6 Client', 'description': 'This option allows a DHCP for IPv6 (DHCPv6) client to obtain addresses and other IPv6 settings from DHCPv6 server.', 'ports': [['546', 'udp']], 'modules': [], 'destination': {'ipv6': 'fe80::/64'}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'dns-over-tls': {'version': '', 'short': 'DNS over TLS', 'description': 'DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol', 'ports': [['853', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'bitcoin-rpc': {'version': '', 'short': 'Bitcoin RPC', 'description': 'Enable this option if you need access to the Bitcoin RPC interface. This is not required when connecting on localhost.', 'ports': [['8332', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'RH-Satellite-6-capsule': {'version': '', 'short': 'Red Hat Satellite 6 Capsule', 'description': 'Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.', 'ports': [['8443', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': ['RH-Satellite-6'], 'helpers': []}, 'dds-multicast': {'version': '', 'short': 'OMG DDS', 'description': 'Open Management Group (OMG) Data Distribution Service (DDS) is protocol supporting various applications. It is usally found in control systems. This is the unicast service for domains with ID 0 to 10 and maximal possible applications (120). Please see https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through for details.', 'ports': [['7400-7401', 'udp'], ['7650-7651', 'udp'], ['7900-7901', 'udp'], ['8150-8151', 'udp'], ['8400-8401', 'udp'], ['8650-8651', 'udp'], ['8900-8901', 'udp'], ['9150-9151', 'udp'], ['9400-9401', 'udp'], ['9650-9651', 'udp'], ['9900-9901', 'udp']], 'modules': [], 'destination': {'ipv4': '239.255.0.1'}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}, 'ovirt-storageconsole': {'version': '', 'short': 'oVirt Storage-Console', 'description': "oVirt Storage Console is a web-based storage management platform specially designed to efficiently manage oVirt's storage-defined storage.", 'ports': [['55863', 'tcp'], ['39543', 'tcp']], 'modules': [], 'destination': {}, 'protocols': [], 'source_ports': [], 'includes': [], 'helpers': []}}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "item is not mapping", "item": { "0-AD": { "description": " 0 A.D. is a real-time strategy (RTS) game of ancient warfare. It's a historically-based war/economy game that allows players to relive or rewrite the history of thirteen ancient civilizations, each depicted at their peak of economic growth and military prowess. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "20595", "udp" ] ], "protocols": [], "short": "0 A.D.", "source_ports": [], "version": "" }, "RH-Satellite-6": { "description": "Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.", "destination": {}, "helpers": [], "includes": [ "foreman" ], "modules": [], "ports": [ [ "5000", "tcp" ], [ "5646-5647", "tcp" ], [ "5671", "tcp" ], [ "8000", "tcp" ], [ "8080", "tcp" ], [ "9090", "tcp" ] ], "protocols": [], "short": "Red Hat Satellite 6", "source_ports": [], "version": "" }, "RH-Satellite-6-capsule": { "description": "Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.", "destination": {}, "helpers": [], "includes": [ "RH-Satellite-6" ], "modules": [], "ports": [ [ "8443", "tcp" ] ], "protocols": [], "short": "Red Hat Satellite 6 Capsule", "source_ports": [], "version": "" }, "afp": { "description": "The Apple Filing Protocol (AFP), formerly AppleTalk Filing Protocol, is a proprietary network protocol, and part of the Apple File Service (AFS), that offers file services for macOS and the classic Mac OS.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "548", "tcp" ] ], "protocols": [], "short": "AFP", "source_ports": [], "version": "" }, "alvr": { "description": "ALVR is an open source remote VR display which allows playing SteamVR games on a standalone headset such as Gear VR or Oculus Go/Quest.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9943-9944", "tcp" ], [ "9943-9944", "udp" ] ], "protocols": [], "short": "Stream VR games from your PC to your headset via Wi-Fi", "source_ports": [], "version": "" }, "amanda-client": { "description": "The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful.", "destination": {}, "helpers": [ "amanda" ], "includes": [], "modules": [], "ports": [ [ "10080", "udp" ], [ "10080", "tcp" ] ], "protocols": [], "short": "Amanda Backup Client", "source_ports": [], "version": "" }, "amanda-k5-client": { "description": "The Amanda backup client option allows you to connect to a Amanda backup and archiving server. You need the amanda-client package installed for this option to be useful. This service specifically allows krb5 authentication", "destination": {}, "helpers": [ "amanda" ], "includes": [], "modules": [], "ports": [ [ "10082", "tcp" ] ], "protocols": [], "short": "Amanda Backup Client (kerberized)", "source_ports": [], "version": "" }, "amqp": { "description": "The Advanced Message Queuing Protocol (AMQP) is an open standard application layer protocol for message-oriented middleware.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5672", "tcp" ] ], "protocols": [], "short": "amqp", "source_ports": [], "version": "" }, "amqps": { "description": "The Advanced Message Queuing Protocol (AMQP) over SSL is an open standard application layer protocol for message-oriented middleware.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5671", "tcp" ] ], "protocols": [], "short": "amqps", "source_ports": [], "version": "" }, "anno-1602": { "description": " Anno 1602 is a construction and management video game. Set in the early modern period, it requires the player to build colonies on small islands and manage resources, exploration, diplomacy and trade. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "47624", "tcp" ], [ "2300-2400", "tcp" ], [ "2300-2400", "udp" ] ], "protocols": [], "short": "Anno 1602", "source_ports": [], "version": "" }, "anno-1800": { "description": " Anno 1800 - Lead the Industrial Revolution! Welcome to the dawn of the Industrial Age. The path you choose will define your world. Are you an innovator or an exploiter? A conqueror or a liberator? How the world remembers your name is up to you. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "18000", "udp" ] ], "protocols": [], "short": "Anno 1800", "source_ports": [], "version": "" }, "apcupsd": { "description": "The American Power Conversion (APC) uninterruptible power supply (UPS) daemon protocol allows to monitor and control APC UPS devices.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3551", "tcp" ] ], "protocols": [], "short": "apcupsd", "source_ports": [], "version": "" }, "audit": { "description": "The Linux Audit subsystem is used to log security events. Enable this option, if you plan to aggregate audit events to/from a remote server/client.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "60", "tcp" ] ], "protocols": [], "short": "Audit", "source_ports": [], "version": "" }, "ausweisapp2": { "description": "AusweisApp2 is an official government application to provide electronic identification services (eID) in conjunction with an approved electronic identification document such as the german nPA. In order to use your Smartphone as a card reader enable this service.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "24727", "udp" ] ], "protocols": [], "short": "AusweisApp2", "source_ports": [], "version": "1.17.1" }, "bacula": { "description": "Bacula is a network backup solution. Enable this option, if you plan to provide Bacula backup, file and storage services.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9101", "tcp" ], [ "9102", "tcp" ], [ "9103", "tcp" ] ], "protocols": [], "short": "Bacula", "source_ports": [], "version": "" }, "bacula-client": { "description": "This option allows a Bacula server to connect to the local machine to schedule backups. You need the bacula-client package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9102", "tcp" ] ], "protocols": [], "short": "Bacula Client", "source_ports": [], "version": "" }, "bareos-director": { "description": "This option allows connections to a local Bareos Director. These connections are typically initiated by Bareos consoles (bconsole). Bareos WebUI and Bareos File Daemon (when using Client Initiated Connections).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9101", "tcp" ] ], "protocols": [], "short": "Bareos Director Daemon (bareos-dir)", "source_ports": [], "version": "" }, "bareos-filedaemon": { "description": "This option allows a Bareos Director to connect to the local Bareos File Daemon.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9102", "tcp" ] ], "protocols": [], "short": "Bareos File Daemon (bareos-fd)", "source_ports": [], "version": "" }, "bareos-storage": { "description": "This option allows Bareos Director and File Daemons to connect to the local Bareos Storage Daemon to send/receive data and manage volumes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9103", "tcp" ] ], "protocols": [], "short": "Bareos Storage Daemon (bareos-sd)", "source_ports": [], "version": "" }, "bb": { "description": "Big Brother is a plain text protocol for sending and receiving client data, reports, and queries to a BB-compatible monitoring server or proxy. The standard IANA port for a listening Big Brother service is 1984, because of course it is.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1984", "tcp" ], [ "1984", "udp" ] ], "protocols": [], "short": "Big Brother", "source_ports": [], "version": "" }, "bgp": { "description": "Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "179", "tcp" ] ], "protocols": [], "short": "BGP service listen", "source_ports": [], "version": "" }, "bitcoin": { "description": "The default port used by Bitcoin. Enable this option if you plan to be a full Bitcoin node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8333", "tcp" ] ], "protocols": [], "short": "Bitcoin", "source_ports": [], "version": "" }, "bitcoin-rpc": { "description": "Enable this option if you need access to the Bitcoin RPC interface. This is not required when connecting on localhost.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8332", "tcp" ] ], "protocols": [], "short": "Bitcoin RPC", "source_ports": [], "version": "" }, "bitcoin-testnet": { "description": "The default port used by Bitcoin testnet. Enable this option if you plan to be a Bitcoin full node on the test network.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "18333", "tcp" ] ], "protocols": [], "short": "Bitcoin testnet", "source_ports": [], "version": "" }, "bitcoin-testnet-rpc": { "description": "Enable this option if you need access to the Bitcoin RPC interface running on the testnet. This is not required when connecting on localhost.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "18332", "tcp" ] ], "protocols": [], "short": "Bitcoin testnet RPC", "source_ports": [], "version": "" }, "bittorrent-lsd": { "description": "Local Peer Discovery is a protocol designed to support the discovery of BitTorrent peers on a local area network. Enable this service if you run a BitTorrent client.", "destination": { "ipv4": "239.192.152.143", "ipv6": "ff15::efc0:988f" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6771", "udp" ] ], "protocols": [], "short": "BitTorrent Local Peer Discovery (LSD)", "source_ports": [], "version": "" }, "ceph": { "description": "Ceph is a distributed object store and file system. Enable this option to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS), or Manager Daemons (MGR).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6800-7568", "tcp" ] ], "protocols": [], "short": "ceph", "source_ports": [], "version": "" }, "ceph-exporter": { "description": "The Prometheus module running on Ceph manager to expose metrics.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9283", "tcp" ] ], "protocols": [], "short": "ceph-exporter", "source_ports": [], "version": "" }, "ceph-mon": { "description": "Ceph is a distributed object store and file system. Enable this option to support Ceph's Monitor Daemon.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3300", "tcp" ], [ "6789", "tcp" ] ], "protocols": [], "short": "ceph-mon", "source_ports": [], "version": "" }, "cfengine": { "description": "CFEngine server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5308", "tcp" ] ], "protocols": [], "short": "CFEngine", "source_ports": [], "version": "" }, "checkmk-agent": { "description": "The checkmk monitoring agent runs on clients to provide detailed host state.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6556", "tcp" ] ], "protocols": [], "short": "checkmk agent", "source_ports": [], "version": "" }, "civilization-iv": { "description": " Civilization IV is a 4X turn-based strategy computer game and the fourth installment of the Civilization series. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2033", "tcp" ], [ "2056", "tcp" ], [ "3783", "tcp" ], [ "6500", "tcp" ], [ "6667", "tcp" ], [ "28900", "tcp" ], [ "29900-29901", "tcp" ], [ "2033", "udp" ], [ "2302-2400", "udp" ], [ "6500", "udp" ], [ "6515", "udp" ], [ "13139", "udp" ], [ "27900", "udp" ] ], "protocols": [], "short": "Sid Meier's Civilization IV", "source_ports": [], "version": "" }, "civilization-v": { "description": " Become Ruler of the World by establishing and leading a civilization from the dawn of man into the space age: Wage war, conduct diplomacy, discover new technologies, go head-to-head with some of history’s greatest leaders and build the most powerful empire the world has ever known. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1745", "tcp" ], [ "1795", "tcp" ], [ "3074", "tcp" ], [ "27015-27030", "tcp" ], [ "27036-27037", "tcp" ], [ "1745", "udp" ], [ "1795", "udp" ], [ "3064", "udp" ], [ "3074", "udp" ], [ "4380", "udp" ], [ "27000-27031", "udp" ], [ "27036", "udp" ] ], "protocols": [], "short": "Sid Meier's Civilization V", "source_ports": [], "version": "" }, "cockpit": { "description": "Cockpit lets you access and configure your server remotely.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9090", "tcp" ] ], "protocols": [], "short": "Cockpit", "source_ports": [], "version": "" }, "collectd": { "description": "Collectd is a monitoring system that allows metrics to be sent over the network. This rule allows incoming collectd traffic from remote boxes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "25826", "udp" ] ], "protocols": [], "short": "Collectd", "source_ports": [], "version": "" }, "condor-collector": { "description": "The HT Condor Collector is needed to organize the condor worker nodes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9618", "tcp" ] ], "protocols": [], "short": "HT Condor Collector", "source_ports": [], "version": "" }, "cratedb": { "description": "CrateDB is a distributed SQL database management system that integrates a fully searchable document oriented data store.", "destination": {}, "helpers": [], "includes": [ "postgresql" ], "modules": [], "ports": [ [ "4200", "tcp" ], [ "4300", "tcp" ] ], "protocols": [], "short": "CrateDB", "source_ports": [], "version": "" }, "ctdb": { "description": "CTDB is a cluster implementation of the TDB database used by Samba and other projects to store temporary data.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4379", "tcp" ], [ "4379", "udp" ] ], "protocols": [], "short": "CTDB", "source_ports": [], "version": "" }, "dds": { "description": "Open Management Group (OMG) Data Distribution Service (DDS) is protocol supporting various applications. It is usally found in control systems. This is the unicast and multicast service for domains with ID 0 through 10 and maximal possible applications (120). Please see https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through for details.", "destination": {}, "helpers": [], "includes": [ "dds-multicast", "dds-unicast" ], "modules": [], "ports": [], "protocols": [], "short": "OMG DDS", "source_ports": [], "version": "" }, "dds-multicast": { "description": "Open Management Group (OMG) Data Distribution Service (DDS) is protocol supporting various applications. It is usally found in control systems. This is the unicast service for domains with ID 0 to 10 and maximal possible applications (120). Please see https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through for details.", "destination": { "ipv4": "239.255.0.1" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "7400-7401", "udp" ], [ "7650-7651", "udp" ], [ "7900-7901", "udp" ], [ "8150-8151", "udp" ], [ "8400-8401", "udp" ], [ "8650-8651", "udp" ], [ "8900-8901", "udp" ], [ "9150-9151", "udp" ], [ "9400-9401", "udp" ], [ "9650-9651", "udp" ], [ "9900-9901", "udp" ] ], "protocols": [], "short": "OMG DDS", "source_ports": [], "version": "" }, "dds-unicast": { "description": "Open Management Group (OMG) Data Distribution Service (DDS) is protocol supporting various applications. It is usally found in control systems. This is the unicast service for domains with ID 0 ito 10 and maximal possible applications (120). Please see https://community.rti.com/content/forum-topic/statically-configure-firewall-let-omg-dds-traffic-through for details.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "7402-7649", "udp" ], [ "7652-7899", "udp" ], [ "7902-8149", "udp" ], [ "8152-8339", "udp" ], [ "8402-8649", "udp" ], [ "8652-8899", "udp" ], [ "8902-9149", "udp" ], [ "9152-9339", "udp" ], [ "9402-9649", "udp" ], [ "9652-9899", "udp" ], [ "9902-10149", "udp" ] ], "protocols": [], "short": "OMG DDS", "source_ports": [], "version": "" }, "dhcp": { "description": "This allows a DHCP server to accept messages from DHCP clients and relay agents.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "67", "udp" ] ], "protocols": [], "short": "DHCP", "source_ports": [], "version": "" }, "dhcpv6": { "description": "This allows a DHCPv6 server to accept messages from DHCPv6 clients and relay agents.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "547", "udp" ] ], "protocols": [], "short": "DHCPv6", "source_ports": [], "version": "" }, "dhcpv6-client": { "description": "This option allows a DHCP for IPv6 (DHCPv6) client to obtain addresses and other IPv6 settings from DHCPv6 server.", "destination": { "ipv6": "fe80::/64" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "546", "udp" ] ], "protocols": [], "short": "DHCPv6 Client", "source_ports": [], "version": "" }, "distcc": { "description": "Distcc is a protocol used for distributed compilation.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3632", "tcp" ] ], "protocols": [], "short": "distcc", "source_ports": [], "version": "" }, "dns": { "description": "The Domain Name System (DNS) is used to provide and request host and domain names. Enable this option, if you plan to provide a domain name service (e.g. with bind).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "53", "tcp" ], [ "53", "udp" ] ], "protocols": [], "short": "DNS", "source_ports": [], "version": "" }, "dns-over-quic": { "description": "DNS over QUIC (DoQ) is a protocol that combines the security and performance benefits of the QUIC transport protocol with DNS operations, providing encrypted, faster, and more resilient domain name resolution (rfc9250).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "853", "udp" ] ], "protocols": [], "short": "DNS over QUIC", "source_ports": [], "version": "" }, "dns-over-tls": { "description": "DNS over TLS (DoT) is a security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "853", "tcp" ] ], "protocols": [], "short": "DNS over TLS", "source_ports": [], "version": "" }, "docker-registry": { "description": "Docker Registry is the protocol used to serve Docker images. If you plan to make your Docker Registry server publicly available, enable this option. This option is not required for developing Docker images locally.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5000", "tcp" ] ], "protocols": [], "short": "Docker Registry", "source_ports": [], "version": "" }, "docker-swarm": { "description": "Natively managed cluster of Docker Engines (>=1.12.0), where you deploy services.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2377", "tcp" ], [ "7946", "tcp" ], [ "7946", "udp" ], [ "4789", "udp" ] ], "protocols": [ "esp" ], "short": "Docker integrated swarm mode", "source_ports": [], "version": "" }, "dropbox-lansync": { "description": "Dropbox LAN sync", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "17500", "udp" ], [ "17500", "tcp" ] ], "protocols": [], "short": "dropboxlansync", "source_ports": [], "version": "1.0" }, "elasticsearch": { "description": "Elasticsearch is a distributed, open source search and analytics engine, designed for horizontal scalability, reliability, and easy management.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9300", "tcp" ], [ "9200", "tcp" ] ], "protocols": [], "short": "Elasticsearch", "source_ports": [], "version": "" }, "etcd-client": { "description": "etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the client side port.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2379", "tcp" ] ], "protocols": [], "short": "etcd Client", "source_ports": [], "version": "" }, "etcd-server": { "description": "etcd implements a distributed key value store that provides a reliably way to store data across a cluster of machines. This is the server side port.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2380", "tcp" ] ], "protocols": [], "short": "etcd Server", "source_ports": [], "version": "" }, "factorio": { "description": " Factorio is a game about building and creating automated factories to produce items of increasing complexity, within an infinite 2D world. Use your imagination to design your factory, combine simple elements into ingenious structures, and finally protect it from the creatures who don't really like you. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "34197", "udp" ] ], "protocols": [], "short": "Factorio", "source_ports": [], "version": "" }, "finger": { "description": "Finger is a protocol for obtaining information about users on remote hosts.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "79", "tcp" ] ], "protocols": [], "short": "finger", "source_ports": [], "version": "" }, "foreman": { "description": "Foreman is a complete lifecycle management tool for physical and virtual servers.", "destination": {}, "helpers": [], "includes": [ "dns", "http", "https", "dhcp", "tftp" ], "modules": [], "ports": [ [ "68", "udp" ], [ "8140", "tcp" ] ], "protocols": [], "short": "foreman", "source_ports": [], "version": "" }, "foreman-proxy": { "description": "The Smart Proxy is a project which provides a restful API to various sub-systems.", "destination": {}, "helpers": [], "includes": [ "foreman" ], "modules": [], "ports": [ [ "8443", "tcp" ] ], "protocols": [], "short": "foreman-proxy", "source_ports": [], "version": "" }, "freeipa-4": { "description": "FreeIPA is an integrated identity and authentication solution with Kerberos, LDAP, PKI, and web UI. Enable this option if you plan to provide a FreeIPA server. Enable the 'dns' service if this FreeIPA server provides DNS services, 'ntp' service if this FreeIPA server provides NTP services, and 'freeipa-trust' for cross-forest trusts with Active Directory.", "destination": {}, "helpers": [], "includes": [ "http", "https", "kerberos", "kpasswd", "ldap", "ldaps" ], "modules": [], "ports": [], "protocols": [], "short": "FreeIPA 4 server", "source_ports": [], "version": "" }, "freeipa-ldap": { "description": "This service is deprecated. Please use freeipa-4 service instead.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "80", "tcp" ], [ "443", "tcp" ], [ "88", "tcp" ], [ "88", "udp" ], [ "464", "tcp" ], [ "464", "udp" ], [ "123", "udp" ], [ "389", "tcp" ] ], "protocols": [], "short": "FreeIPA with LDAP (deprecated)", "source_ports": [], "version": "" }, "freeipa-ldaps": { "description": "This service is deprecated. Please use freeipa-4 service instead.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "80", "tcp" ], [ "443", "tcp" ], [ "88", "tcp" ], [ "88", "udp" ], [ "464", "tcp" ], [ "464", "udp" ], [ "123", "udp" ], [ "636", "tcp" ] ], "protocols": [], "short": "FreeIPA with LDAPS (deprecated)", "source_ports": [], "version": "" }, "freeipa-replication": { "description": "This service is deprecated. Please use freeipa-4 service instead.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "7389", "tcp" ] ], "protocols": [], "short": "FreeIPA replication (deprecated)", "source_ports": [], "version": "" }, "freeipa-trust": { "description": "FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option of you plan to deploy cross-forest trusts with FreeIPA and Active Directory", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "135", "tcp" ], [ "138-139", "tcp" ], [ "138-139", "udp" ], [ "389", "tcp" ], [ "389", "udp" ], [ "445", "tcp" ], [ "445", "udp" ], [ "49152-65535", "tcp" ], [ "3268", "tcp" ] ], "protocols": [], "short": "FreeIPA trust setup", "source_ports": [], "version": "" }, "ftp": { "description": "FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.", "destination": {}, "helpers": [ "ftp" ], "includes": [], "modules": [], "ports": [ [ "21", "tcp" ] ], "protocols": [], "short": "FTP", "source_ports": [], "version": "" }, "galera": { "description": "MariaDB-Galera Database Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3306", "tcp" ], [ "4567", "tcp" ], [ "4568", "tcp" ], [ "4444", "tcp" ] ], "protocols": [], "short": "Galera", "source_ports": [], "version": "" }, "ganglia-client": { "description": "Ganglia monitoring daemon", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8660", "tcp" ] ], "protocols": [], "short": "ganglia-client", "source_ports": [], "version": "" }, "ganglia-master": { "description": "Ganglia collector", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8651", "tcp" ] ], "protocols": [], "short": "ganglia-master", "source_ports": [], "version": "" }, "git": { "description": "The git daemon for supporting git:// access to git repositories.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9418", "tcp" ] ], "protocols": [], "short": "git", "source_ports": [], "version": "" }, "gpsd": { "description": "gpsd is a service daemon that monitors one or more GPSes or AIS receivers attached to a host computer through serial or USB ports, making all data on the location/course/velocity of the sensors available to be queried on TCP port 2947 of the host computer.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2947", "tcp" ] ], "protocols": [], "short": "gpsd", "source_ports": [], "version": "" }, "grafana": { "description": "Grafana is an open platform for beautiful analytics and monitoring", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3000", "tcp" ] ], "protocols": [], "short": "grafana", "source_ports": [], "version": "" }, "gre": { "description": "", "destination": {}, "helpers": [ "proto-gre" ], "includes": [], "modules": [], "ports": [], "protocols": [ "gre" ], "short": "", "source_ports": [], "version": "" }, "high-availability": { "description": "This allows you to use the Red Hat High Availability (previously named Red Hat Cluster Suite). Ports are opened for corosync, pcsd, pacemaker_remote, dlm and corosync-qnetd.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2224", "tcp" ], [ "3121", "tcp" ], [ "5403", "tcp" ], [ "5404", "udp" ], [ "5405-5412", "udp" ], [ "9929", "tcp" ], [ "9929", "udp" ], [ "21064", "tcp" ] ], "protocols": [], "short": "Red Hat High Availability", "source_ports": [], "version": "" }, "http": { "description": "HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "80", "tcp" ] ], "protocols": [], "short": "WWW (HTTP)", "source_ports": [], "version": "" }, "http3": { "description": "HTTP/3 is a protocol used to serve Web pages that uses QUIC as the transport protocol. If you plan to make your HTTP/3 compatible Web server publicly available, enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "443", "udp" ] ], "protocols": [], "short": "WWW (HTTP/3)", "source_ports": [], "version": "" }, "https": { "description": "HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "443", "tcp" ] ], "protocols": [], "short": "Secure WWW (HTTPS)", "source_ports": [], "version": "" }, "ident": { "description": "The Identification Protocol as specified in RFC 1413, which is used to determine the identity of a user of a particular TCP connection.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "113", "tcp" ] ], "protocols": [], "short": "Ident Protocol", "source_ports": [], "version": "" }, "imap": { "description": "The Internet Message Access Protocol(IMAP) allows a local client to access email on a remote server. If you plan to provide a IMAP service (e.g. with dovecot), enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "143", "tcp" ] ], "protocols": [], "short": "IMAP", "source_ports": [], "version": "" }, "imaps": { "description": "The Internet Message Access Protocol over SSL (IMAPs) allows a local client to access email on a remote server in a secure way. If you plan to provide a IMAP over SSL service (e.g. with dovecot), enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "993", "tcp" ] ], "protocols": [], "short": "IMAP over SSL", "source_ports": [], "version": "" }, "ipfs": { "description": "The InterPlanetary File System (IPFS) is a peer-to-peer hypermedia protocol designed to make the web faster, safer, and more open", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4001", "tcp" ], [ "4001", "udp" ] ], "protocols": [], "short": "IPFS", "source_ports": [], "version": "" }, "ipp": { "description": "The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over tcp) provides the ability to share printers over the network. Enable this option if you plan to share printers via cups over the network.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "631", "tcp" ], [ "631", "udp" ] ], "protocols": [], "short": "Network Printing Server (IPP)", "source_ports": [], "version": "" }, "ipp-client": { "description": "The Internet Printing Protocol (IPP) is used for distributed printing. IPP (over udp) provides the ability to get information about a printer (e.g. capability and status) and to control printer jobs. If you plan to use a remote network printer via cups, do not disable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "631", "udp" ] ], "protocols": [], "short": "Network Printing Client (IPP)", "source_ports": [], "version": "" }, "ipsec": { "description": "Internet Protocol Security (IPsec) is the standardized IETF VPN architecture defined in RFC 4301. IPsec is negotiated using the IKEv1 (RFC 2409) or IKEv2 (RFC 7296) protocol, which in itself uses encryption and authentication. IPsec provides Internet Protocol (IP) packet encryption and authentication. Both IKE and IPsec can be encapsulated in UDP (RFC 3948) or TCP (RFC 8229 to make it easier to traverse NAT. Enabling this service will enable IKE, IPsec and their encapsulation protocols and ports. Note that IKE and IPsec can also be configured to use non-default ports, but this is not common practice.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "500", "udp" ], [ "4500", "udp" ], [ "4500", "tcp" ] ], "protocols": [ "ah", "esp" ], "short": "IPsec", "source_ports": [], "version": "" }, "irc": { "description": "An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6667", "tcp" ] ], "protocols": [], "short": "IRC", "source_ports": [], "version": "" }, "ircs": { "description": "An IRCd, short for Internet Relay Chat daemon, is server software that implements the IRC protocol.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6697", "tcp" ] ], "protocols": [], "short": "IRC TLS/SSL", "source_ports": [], "version": "" }, "iscsi-target": { "description": "Internet SCSI target is a storage resource located on an iSCSI server.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3260", "tcp" ], [ "3260", "udp" ] ], "protocols": [], "short": "iSCSI target", "source_ports": [], "version": "" }, "isns": { "description": "The Internet Storage Name Service (iSNS) is a protocol that allows automated discovery, management and configuration of iSCSI and Fibre Channel devices on a TCP/IP network.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3205", "tcp" ], [ "3205", "udp" ] ], "protocols": [], "short": "iSNS", "source_ports": [], "version": "" }, "jenkins": { "description": "Jenkins is an open source automation server written in Java.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8080", "tcp" ] ], "protocols": [], "short": "jenkins", "source_ports": [], "version": "" }, "kadmin": { "description": "Kerberos Administration Protocol", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "749", "tcp" ] ], "protocols": [], "short": "kadmin", "source_ports": [], "version": "" }, "kdeconnect": { "description": "KDE Connect is an application to connect your phone to your computer.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1714-1764", "tcp" ], [ "1714-1764", "udp" ] ], "protocols": [], "short": "KDE Connect", "source_ports": [], "version": "" }, "kerberos": { "description": "Kerberos network authentication protocol server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "88", "tcp" ], [ "88", "udp" ] ], "protocols": [], "short": "Kerberos", "source_ports": [], "version": "" }, "kibana": { "description": "Kibana is an open source data visualization platform that allows you to interact with your data through stunning, powerful graphics that can be combined into custom dashboards that help you share insights from your data far and wide.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5601", "tcp" ] ], "protocols": [], "short": "Kibana", "source_ports": [], "version": "" }, "klogin": { "description": "The kerberized rlogin server accepts BSD-style rlogin sessions, but uses Kerberos 5 authentication.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "543", "tcp" ] ], "protocols": [], "short": "klogin", "source_ports": [], "version": "" }, "kpasswd": { "description": "Kerberos password (Kpasswd) server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "464", "tcp" ], [ "464", "udp" ] ], "protocols": [], "short": "Kpasswd", "source_ports": [], "version": "" }, "kprop": { "description": "Kerberos KDC Propagation Protocol", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "754", "tcp" ] ], "protocols": [], "short": "kprop", "source_ports": [], "version": "" }, "kshell": { "description": "Kerberized rshell server accepts rshell commands authenticated and encrypted with Kerberos 5", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "544", "tcp" ] ], "protocols": [], "short": "kshell", "source_ports": [], "version": "" }, "kube-api": { "description": "Backwards compatibility after service renaming", "destination": {}, "helpers": [], "includes": [ "kubelet" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Kubelet", "source_ports": [], "version": "" }, "kube-apiserver": { "description": "The Kubernetes API server validates and configures data for the api objects which include pods, services, replicationcontrollers, and others.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6443", "tcp" ] ], "protocols": [], "short": "Kubernetes Api Server", "source_ports": [], "version": "" }, "kube-control-plane": { "description": "The Kubernetes Control-plane Node runs all the services of the Kubernetes Control Plane. This includes kube-apiserver, etcd, kube-schedule, kube-controller-manager, cloud-controller-manager, and others", "destination": {}, "helpers": [], "includes": [ "etcd-client", "etcd-server", "kube-apiserver", "kube-controller-manager", "kube-scheduler" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Control-plane Node", "source_ports": [], "version": "" }, "kube-control-plane-secure": { "description": "The Kubernetes Control-plane Node runs all the services of the Kubernetes Control Plane. This includes kube-apiserver, etcd, kube-schedule, kube-controller-manager, cloud-controller-manager, and others", "destination": {}, "helpers": [], "includes": [ "etcd-client", "etcd-server", "kube-apiserver", "kube-controller-manager-secure", "kube-scheduler-secure" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Control-plane Node - secure", "source_ports": [], "version": "" }, "kube-controller-manager": { "description": "The Kubernetes controller manager is a daemon that embeds the core control loops shipped with Kubernetes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10252", "tcp" ] ], "protocols": [], "short": "Kubernetes Controller Manager", "source_ports": [], "version": "" }, "kube-controller-manager-secure": { "description": "The Kubernetes controller manager is a daemon that embeds the core control loops shipped with Kubernetes.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10257", "tcp" ] ], "protocols": [], "short": "Kubernetes Controller Manager - Secure", "source_ports": [], "version": "" }, "kube-nodeport-services": { "description": "Services of type NodePort expose a port on each worker", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "30000-32767", "tcp" ] ], "protocols": [], "short": "Kubernetes Kubelet", "source_ports": [], "version": "" }, "kube-scheduler": { "description": "The Kubernetes scheduler is a policy-rich, topology-aware, workload-specific function that significantly impacts availability, performance, and capacity.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10251", "tcp" ] ], "protocols": [], "short": "Kubernetes Scheduler", "source_ports": [], "version": "" }, "kube-scheduler-secure": { "description": "The Kubernetes scheduler is a policy-rich, topology-aware, workload-specific function that significantly impacts availability, performance, and capacity.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10259", "tcp" ] ], "protocols": [], "short": "Kubernetes Scheduler - secure", "source_ports": [], "version": "" }, "kube-worker": { "description": "The Kubernetes Worker Node runs some (or sometimes all) of the workloads of the Kubernetes cluster. There might be NodoPort services associated with these workloads.", "destination": {}, "helpers": [], "includes": [ "kubelet", "kube-nodeport-services" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Worker Node", "source_ports": [], "version": "" }, "kubelet": { "description": "The kubelet API is used to communicate between kube-scheduler and the node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10250", "tcp" ] ], "protocols": [], "short": "Kubernetes Kubelet", "source_ports": [], "version": "" }, "kubelet-readonly": { "description": "The kubelet API is used to communicate between kube-scheduler and the node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10255", "tcp" ] ], "protocols": [], "short": "Kubernetes Kubelet read", "source_ports": [], "version": "" }, "kubelet-worker": { "description": "Backwards compatibility after service renaming", "destination": {}, "helpers": [], "includes": [ "kube-worker" ], "modules": [], "ports": [], "protocols": [], "short": "Kubernetes Worker Node", "source_ports": [], "version": "" }, "ldap": { "description": "Lightweight Directory Access Protocol (LDAP) server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "389", "tcp" ] ], "protocols": [], "short": "LDAP", "source_ports": [], "version": "" }, "ldaps": { "description": "Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "636", "tcp" ] ], "protocols": [], "short": "LDAPS", "source_ports": [], "version": "" }, "libvirt": { "description": "Enable this option if you want to allow remote virtual machine management with SASL authentication and encryption (digest-md5 passwords or GSSAPI/Kerberos). The libvirtd service is needed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "16509", "tcp" ] ], "protocols": [], "short": "Virtual Machine Management", "source_ports": [], "version": "" }, "libvirt-tls": { "description": "Enable this option if you want to allow remote virtual machine management with TLS encryption, x509 certificates and optional SASL authentication. The libvirtd service is needed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "16514", "tcp" ] ], "protocols": [], "short": "Virtual Machine Management (TLS)", "source_ports": [], "version": "" }, "lightning-network": { "description": "The default port used by Lightning Network. Enable this option if you plan to be a Lightning Network node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9735", "tcp" ] ], "protocols": [], "short": "Lightning Network", "source_ports": [], "version": "" }, "llmnr": { "description": " Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service matches incoming queries; it will allow this host to be resolved by other hosts. In order to allow this host to resolve other hosts, use the llmnr-client service. ", "destination": {}, "helpers": [], "includes": [ "llmnr-tcp", "llmnr-udp" ], "modules": [], "ports": [], "protocols": [], "short": "LLMNR", "source_ports": [], "version": "" }, "llmnr-client": { "description": " Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service allows incoming LLMNR responses. Due to protocol details the service matches by source port and thus allows unsolicited responses. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "LLMNR Client", "source_ports": [ [ "5355", "udp" ] ], "version": "" }, "llmnr-tcp": { "description": " Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service matches incoming queries; it will allow this host to be resolved by other hosts. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5355", "tcp" ] ], "protocols": [], "short": "LLMNR (TCP)", "source_ports": [], "version": "" }, "llmnr-udp": { "description": " Link-Local Multicast Name Resolution (LLMNR) allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local network. This service matches incoming queries; it will allow this host to be resolved by other hosts. ", "destination": { "ipv4": "224.0.0.252", "ipv6": "ff02::1:3" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5355", "udp" ] ], "protocols": [], "short": "LLMNR (UDP)", "source_ports": [], "version": "" }, "managesieve": { "description": "The ManageSieve Protocol allows a local client to manage eMail sieve scripts on a remote server. If you plan to provide a ManageSieve service (e.g. with dovecot pigeonhole), enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4190", "tcp" ] ], "protocols": [], "short": "ManageSieve", "source_ports": [], "version": "" }, "matrix": { "description": "Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Port 443 is the 'client' port, whereas port 8448 is the Federation port. Federation is the process by which users on different servers can participate in the same room.", "destination": {}, "helpers": [], "includes": [ "https" ], "modules": [], "ports": [ [ "8448", "tcp" ] ], "protocols": [], "short": "Matrix", "source_ports": [], "version": "" }, "mdns": { "description": "mDNS provides the ability to use DNS programming interfaces, packet formats and operating semantics in a small network without a conventional DNS server. If you plan to use Avahi, do not disable this option.", "destination": { "ipv4": "224.0.0.251", "ipv6": "ff02::fb" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5353", "udp" ] ], "protocols": [], "short": "Multicast DNS (mDNS)", "source_ports": [], "version": "" }, "memcache": { "description": "memcache is a high-performance object caching system.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "11211", "tcp" ], [ "11211", "udp" ] ], "protocols": [], "short": "memcache", "source_ports": [], "version": "" }, "minecraft": { "description": " Minecraft is a sandbox game developed by Mojang Studios. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "25565", "tcp" ], [ "25565", "udp" ] ], "protocols": [], "short": "Minecraft", "source_ports": [], "version": "" }, "minidlna": { "description": "MiniDLNA is a simple media server software with the aim to be fully compliant with DLNA/UPNP-AV clients. Enable this service if you run minidlna service.", "destination": {}, "helpers": [], "includes": [ "ssdp" ], "modules": [], "ports": [ [ "8200", "tcp" ] ], "protocols": [], "short": "MiniDLNA", "source_ports": [], "version": "" }, "mongodb": { "description": "MongoDB is a free and open-source cross-platform document-oriented database program.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "27017", "tcp" ] ], "protocols": [], "short": "mongodb", "source_ports": [], "version": "" }, "mosh": { "description": "Mosh is a remote terminal application that supports intermittent network connectivity, roaming to different IP address without dropping the connection, intelligent local echo and line editing to reduct the effects of \"network lag\" on high-latency connections.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "60000-61000", "udp" ] ], "protocols": [], "short": "Mobile shell that supports roaming and intelligent local echo.", "source_ports": [], "version": "" }, "mountd": { "description": "NFS Mount Lock Daemon", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "20048", "tcp" ], [ "20048", "udp" ] ], "protocols": [], "short": "mountd", "source_ports": [], "version": "" }, "mqtt": { "description": "The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol is unencrypted.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1883", "tcp" ] ], "protocols": [], "short": "mqtt", "source_ports": [], "version": "" }, "mqtt-tls": { "description": "The Message Queuing Telemetry Transport (MQTT) is a machine-to-machine connectivity protocol. This variant of the protocol uses TLS encryption.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8883", "tcp" ] ], "protocols": [], "short": "mqtt-tls", "source_ports": [], "version": "" }, "ms-wbt": { "description": "Microsoft Windows-based Terminal Server", "destination": {}, "helpers": [], "includes": [ "rdp" ], "modules": [], "ports": [], "protocols": [], "short": "ms-wbt", "source_ports": [], "version": "" }, "mssql": { "description": "Microsoft SQL Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1433", "tcp" ] ], "protocols": [], "short": "mssql", "source_ports": [], "version": "" }, "murmur": { "description": "Murmur is the server of the Mumble VoIP chat system.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "64738", "tcp" ], [ "64738", "udp" ] ], "protocols": [], "short": "Murmur", "source_ports": [], "version": "" }, "mysql": { "description": "MySQL Database Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3306", "tcp" ] ], "protocols": [], "short": "MySQL", "source_ports": [], "version": "" }, "nbd": { "description": "Network Block Device (NBD) is a high-performance protocol for exporting disk images between machines.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10809", "tcp" ] ], "protocols": [], "short": "NBD", "source_ports": [], "version": "" }, "nebula": { "description": "Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. The port needs to be open if the host is set as lighthouse.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4242", "udp" ] ], "protocols": [], "short": "Nebula", "source_ports": [], "version": "" }, "need-for-speed-most-wanted": { "description": " Need for Speed: Most Wanted is a 2005 open-world racing video game, and the ninth installment in the Need for Speed series. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "13505", "tcp" ], [ "30900-30999", "tcp" ], [ "3658", "udp" ] ], "protocols": [], "short": "Need for Speed: Most Wanted", "source_ports": [], "version": "" }, "netbios-ns": { "description": "This allows you to find Windows (Samba) servers that share files and printers.", "destination": {}, "helpers": [ "netbios-ns" ], "includes": [], "modules": [], "ports": [ [ "137", "udp" ] ], "protocols": [], "short": "NetBIOS NS", "source_ports": [], "version": "" }, "netdata-dashboard": { "description": "Netdata dashboard is a place to view the results of the netdata monitoring agent", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "19999", "tcp" ] ], "protocols": [], "short": "Netdata Dashboard", "source_ports": [], "version": "" }, "nfs": { "description": "The NFS4 protocol is used to share files via TCP networking. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2049", "tcp" ] ], "protocols": [], "short": "NFS4", "source_ports": [], "version": "" }, "nfs3": { "description": "The NFS3 protocol is used to share files. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2049", "tcp" ], [ "2049", "udp" ] ], "protocols": [], "short": "NFS3", "source_ports": [], "version": "" }, "nmea-0183": { "description": "NMEA-0183 Navigational Data server for use with Global Navigation Satellite System (GNSS) devices.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10110", "tcp" ], [ "10110", "udp" ] ], "protocols": [], "short": "nmea-0183", "source_ports": [], "version": "" }, "nrpe": { "description": "NRPE allows you to execute Nagios plugins on a remote host in as transparent a manner as possible.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5666", "tcp" ] ], "protocols": [], "short": "NRPE", "source_ports": [], "version": "" }, "ntp": { "description": "The Network Time Protocol (NTP) allows to synchronize computers to a time server. Enable this option, if you are providing a NTP server. You need the ntp or chrony package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "123", "udp" ] ], "protocols": [], "short": "Network Time Protocol (NTP) Server", "source_ports": [], "version": "" }, "nut": { "description": "Network UPS Tools (NUT) is a protocol that allows to monitor and control power devices like uninterruptible power supplies.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3493", "tcp" ] ], "protocols": [], "short": "NUT", "source_ports": [], "version": "" }, "opentelemetry": { "description": "OpenTelemetry Protocol (OTLP) specification describes the encoding, transport, and delivery mechanism of telemetry data between telemetry sources, intermediate nodes such as collectors and telemetry backends.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4317", "tcp" ], [ "4318", "tcp" ] ], "protocols": [], "short": "OTLP", "source_ports": [], "version": "" }, "openvpn": { "description": "OpenVPN is a virtual private network (VPN) solution. It is used to create encrypted point-to-point tunnels between computers. If you plan to provide a VPN service, enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1194", "udp" ] ], "protocols": [], "short": "OpenVPN", "source_ports": [], "version": "" }, "ovirt-imageio": { "description": "oVirt Image I/O simplifies the workflow of introducing new oVirt images into the oVirt environment.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "54322", "tcp" ] ], "protocols": [], "short": "oVirt Image I/O", "source_ports": [], "version": "" }, "ovirt-storageconsole": { "description": "oVirt Storage Console is a web-based storage management platform specially designed to efficiently manage oVirt's storage-defined storage.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "55863", "tcp" ], [ "39543", "tcp" ] ], "protocols": [], "short": "oVirt Storage-Console", "source_ports": [], "version": "" }, "ovirt-vmconsole": { "description": "oVirt VM Consoles enables secure access to virtual machine serial console.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2223", "tcp" ] ], "protocols": [], "short": "oVirt VM Console", "source_ports": [], "version": "" }, "plex": { "description": "Plex Media Server (PMS) is the back-end media server component of Plex. It organizes content from personal media libraries and streams it to the network.", "destination": {}, "helpers": [], "includes": [ "ssdp" ], "modules": [], "ports": [ [ "32400", "tcp" ], [ "32400", "udp" ], [ "32469", "tcp" ], [ "3005", "tcp" ], [ "8324", "tcp" ], [ "32410", "udp" ], [ "32412", "udp" ], [ "32413", "udp" ], [ "32414", "udp" ] ], "protocols": [], "short": "PLEX", "source_ports": [], "version": "" }, "pmcd": { "description": "This option allows PCP (Performance Co-Pilot) monitoring. If you need to allow remote hosts to connect directly to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "44321", "tcp" ] ], "protocols": [], "short": "Performance metrics collector (pmcd)", "source_ports": [], "version": "" }, "pmproxy": { "description": "This option allows indirect PCP (Performance Co-Pilot) monitoring via a proxy. If you need to allow remote hosts to connect through your machine to monitor aspects of performance of one or more proxied hosts, enable this option. You need the pcp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "44322", "tcp" ] ], "protocols": [], "short": "Performance metrics proxy (pmproxy)", "source_ports": [], "version": "" }, "pmwebapi": { "description": "This option allows web clients to use PCP (Performance Co-Pilot) monitoring services. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, enable this option. You need the pcp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "44323", "tcp" ] ], "protocols": [], "short": "Performance metrics web API (pmwebapi)", "source_ports": [], "version": "" }, "pmwebapis": { "description": "This option allows web clients to use PCP (Performance Co-Pilot) monitoring services over a secure connection. If you need to allow remote web clients to connect to your machine to monitor aspects of its performance, and you consider that information to be sensitive, enable this option. You need the pcp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "44324", "tcp" ] ], "protocols": [], "short": "Secure performance metrics web API (pmwebapis)", "source_ports": [], "version": "" }, "pop3": { "description": "The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "110", "tcp" ] ], "protocols": [], "short": "POP-3", "source_ports": [], "version": "" }, "pop3s": { "description": "The Post Office Protocol version 3 (POP3) is a protocol to retrieve email from a remote server over a TCP/IP connection. Enable this option, if you plan to provide a POP3 service (e.g. with dovecot).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "995", "tcp" ] ], "protocols": [], "short": "POP-3 over SSL", "source_ports": [], "version": "" }, "postgresql": { "description": "PostgreSQL Database Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5432", "tcp" ] ], "protocols": [], "short": "PostgreSQL", "source_ports": [], "version": "" }, "privoxy": { "description": "Privoxy is a web proxy for enhancing privacy by filtering web page content, managing cookies, controlling access, removing ads, banners, pop-ups and other obnoxious Internet junk. It does not cache web content. Enable this if you run Privoxy and would like to configure your web browser to browse the Internet via Privoxy.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8118", "tcp" ] ], "protocols": [], "short": "Privoxy - A Privacy Enhancing Proxy Server", "source_ports": [], "version": "" }, "prometheus": { "description": "The Prometheus monitoring system and time series database.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9090", "tcp" ] ], "protocols": [], "short": "prometheus", "source_ports": [], "version": "" }, "prometheus-node-exporter": { "description": "The node-exporter agent for Prometheus monitoring system.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9100", "tcp" ] ], "protocols": [], "short": "prometheus-node-exporter", "source_ports": [], "version": "" }, "proxy-dhcp": { "description": "PXE redirection service (Proxy DHCP) responds to PXE clients and provides redirection to PXE boot servers.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4011", "udp" ] ], "protocols": [], "short": "Proxy DHCP", "source_ports": [], "version": "" }, "ps2link": { "description": "ps2link is a protocol used for interacting with a PlayStation 2 system.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "18194", "udp" ], [ "18193", "tcp" ] ], "protocols": [], "short": "ps2link", "source_ports": [], "version": "" }, "ps3netsrv": { "description": "PS3 Network Server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "38008", "tcp" ] ], "protocols": [], "short": "ps3netsrv", "source_ports": [], "version": "" }, "ptp": { "description": "The Precision Time Protocol (PTP) allows to synchronize computers to a time master. Enable this option, if you are providing a PTP master. You need the linuxptp package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "319", "udp" ], [ "320", "udp" ] ], "protocols": [], "short": "Precision Time Protocol (PTP) Master", "source_ports": [], "version": "" }, "pulseaudio": { "description": "A PulseAudio server provides an ability to stream audio over network. You want to enable this service in case you are using module-native-protocol-tcp in the PulseAudio configuration. If you are using module-zeroconf-publish you want also enable mdns service.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4713", "tcp" ] ], "protocols": [], "short": "PulseAudio", "source_ports": [], "version": "" }, "puppetmaster": { "description": "Puppet is a network tool for managing many disparate systems. Puppet Master is a server which Puppet Agents pull their configurations from.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8140", "tcp" ] ], "protocols": [], "short": "Puppet Master", "source_ports": [], "version": "" }, "quassel": { "description": "Quassel is a distributed IRC client, meaning that one or more clients can attach to and detach from the central core.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4242", "tcp" ] ], "protocols": [], "short": "Quassel IRC", "source_ports": [], "version": "" }, "radius": { "description": "The Remote Authentication Dial In User Service (RADIUS) is a protocol for user authentication over networks. It is mostly used for modem, DSL or wireless user authentication. If you plan to provide a RADIUS service (e.g. with freeradius), enable this option.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1812", "tcp" ], [ "1812", "udp" ], [ "1813", "tcp" ], [ "1813", "udp" ] ], "protocols": [], "short": "RADIUS", "source_ports": [], "version": "" }, "rdp": { "description": "Microsoft's Remote Desktop Protocol", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3389", "tcp" ] ], "protocols": [], "short": "rdp", "source_ports": [], "version": "" }, "redis": { "description": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6379", "tcp" ] ], "protocols": [], "short": "redis", "source_ports": [], "version": "" }, "redis-sentinel": { "description": "Redis Sentinel provides high availability for Redis.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "26379", "tcp" ] ], "protocols": [], "short": "redis-sentinel", "source_ports": [], "version": "" }, "rpc-bind": { "description": "Remote Procedure Call Bind", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "111", "tcp" ], [ "111", "udp" ] ], "protocols": [], "short": "rpc-bind", "source_ports": [], "version": "" }, "rquotad": { "description": "Remote Quota Server Daemon", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "875", "tcp" ], [ "875", "udp" ] ], "protocols": [], "short": "rquotad", "source_ports": [], "version": "" }, "rsh": { "description": "Rsh is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling rsh is not recommended.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "514", "tcp" ] ], "protocols": [], "short": "rsh", "source_ports": [], "version": "" }, "rsyncd": { "description": "Rsync in daemon mode works as a central server, in order to house centralized files and keep them synchronized.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "873", "tcp" ], [ "873", "udp" ] ], "protocols": [], "short": "Rsync in daemon mode", "source_ports": [], "version": "" }, "rtsp": { "description": "The Real Time Streaming Protocol (RTSP) is a network control protocol designed for use in entertainment and communications systems to control streaming media servers.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "554", "tcp" ], [ "554", "udp" ] ], "protocols": [], "short": "RTSP", "source_ports": [], "version": "" }, "salt-master": { "description": "Salt is a protocol used for infrastructure management via a dynamic communication bus. These ports are required on the salt master node.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "4505", "tcp" ], [ "4506", "tcp" ] ], "protocols": [], "short": "Salt Master", "source_ports": [], "version": "" }, "samba": { "description": "This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [ "samba-client" ], "modules": [], "ports": [ [ "139", "tcp" ], [ "445", "tcp" ] ], "protocols": [], "short": "Samba", "source_ports": [], "version": "" }, "samba-client": { "description": "This option allows you to access Windows file and printer sharing networks. You need the samba-client package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [ "netbios-ns" ], "modules": [], "ports": [ [ "138", "udp" ] ], "protocols": [], "short": "Samba Client", "source_ports": [], "version": "" }, "samba-dc": { "description": "This option allows you to use this computer as a Samba Active Directory Domain Controller. You need the samba-dc package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [ "samba", "dns", "kerberos", "ldap", "ldaps", "kpasswd" ], "modules": [], "ports": [ [ "135", "tcp" ], [ "389", "udp" ], [ "49152-65535", "tcp" ], [ "3268", "tcp" ], [ "3269", "tcp" ] ], "protocols": [], "short": "Samba DC", "source_ports": [], "version": "" }, "sane": { "description": "The SANE (Scanner Access Now Easy) daemon allows remote clients to access image acquisition devices available on the local host.", "destination": {}, "helpers": [ "sane" ], "includes": [], "modules": [], "ports": [ [ "6566", "tcp" ] ], "protocols": [], "short": "SANE network daemon (saned)", "source_ports": [], "version": "" }, "settlers-history-collection": { "description": "The Settlers History Collection includes History Editions of all seven previous Settlers games, which includes gold versions of each game with all expansions.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1005", "udp" ], [ "1100", "udp" ], [ "3074", "udp" ], [ "6200", "udp" ], [ "6300", "udp" ] ], "protocols": [], "short": "The Settlers History Collection", "source_ports": [], "version": "" }, "sip": { "description": "The Session Initiation Protocol (SIP) is a communications protocol for signaling and controlling multimedia communication sessions. The most common applications of SIP are in Internet telephony for voice and video calls, as well as instant messaging, over Internet Protocol (IP) networks.", "destination": {}, "helpers": [ "sip" ], "includes": [], "modules": [], "ports": [ [ "5060", "tcp" ], [ "5060", "udp" ] ], "protocols": [], "short": "SIP", "source_ports": [], "version": "" }, "sips": { "description": "SIP-TLS is a modified SIP (Session Initiation Protocol) using TLS for secure signaling.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5061", "tcp" ], [ "5061", "udp" ] ], "protocols": [], "short": "SIP-TLS (SIPS)", "source_ports": [], "version": "" }, "slp": { "description": "The Service Location Protocol (SLP) is used for discovering services in a local network without prior configuration.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "427", "tcp" ], [ "427", "udp" ] ], "protocols": [], "short": "SLP", "source_ports": [], "version": "" }, "smtp": { "description": "This option allows incoming SMTP mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "25", "tcp" ] ], "protocols": [], "short": "Mail (SMTP)", "source_ports": [], "version": "" }, "smtp-submission": { "description": "This service is deprecated. Please use the \"submission\" service.", "destination": {}, "helpers": [], "includes": [ "submission" ], "modules": [], "ports": [], "protocols": [], "short": "Mail (SMTP-Submission)", "source_ports": [], "version": "" }, "smtps": { "description": "This option allows incoming SMTPs mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail in a secure way, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "465", "tcp" ] ], "protocols": [], "short": "Mail (SMTP over SSL)", "source_ports": [], "version": "" }, "snmp": { "description": "Simple Network Management Protocol is an \"Internet-standard protocol for managing devices on IP networks\". Enable this service if you run SNMP agent (server).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "161", "tcp" ], [ "161", "udp" ] ], "protocols": [], "short": "SNMP", "source_ports": [], "version": "" }, "snmptls": { "description": "Simple Network Management Protocol over TLS/DTLS is an \"Internet-standard protocol for managing devices on IP networks\" protected by TLS. Enable this service if you run SNMP agent (server).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10161", "tcp" ], [ "10161", "udp" ] ], "protocols": [], "short": "Secure SNMP (TLS)", "source_ports": [], "version": "" }, "snmptls-trap": { "description": "Secure SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message. This port is protected by TLS.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10162", "tcp" ], [ "10162", "udp" ] ], "protocols": [], "short": "Secure SNMPTRAP (TLS)", "source_ports": [], "version": "" }, "snmptrap": { "description": "SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "162", "tcp" ], [ "162", "udp" ] ], "protocols": [], "short": "SNMPTRAP", "source_ports": [], "version": "" }, "spideroak-lansync": { "description": "SpiderOak ONE is online backup and file hosting service that allows users to access, synchronize and share data using a cloud-based server. Enable this option if you use LAN-Sync option of SpiderOak.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "21327", "udp" ], [ "21328", "udp" ] ], "protocols": [], "short": "SpiderOak ONE LAN-Sync", "source_ports": [], "version": "" }, "spotify-sync": { "description": "The Spotify Client allows you to sync local music files with your phone.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "57621", "udp" ], [ "57621", "tcp" ] ], "protocols": [], "short": "Spotify Client Sync", "source_ports": [], "version": "" }, "squid": { "description": "Squid HTTP proxy server", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3128", "tcp" ] ], "protocols": [], "short": "squid", "source_ports": [], "version": "" }, "ssdp": { "description": "The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet protocol suite for advertisement and discovery of network services and presence information.", "destination": { "ipv4": "239.255.255.250", "ipv6": "ff02::c" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1900", "udp" ] ], "protocols": [], "short": "Simple Service Discovery Protocol (SSDP)", "source_ports": [], "version": "" }, "ssh": { "description": "Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "22", "tcp" ] ], "protocols": [], "short": "SSH", "source_ports": [], "version": "" }, "statsrv": { "description": " Statistics Server protocol provides a way to give statistics about a system to the outside world. Defined in RFC-996", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "133", "tcp" ], [ "133", "udp" ] ], "protocols": [], "short": "Statistics Server", "source_ports": [], "version": "" }, "steam-streaming": { "description": "Steam in-home streaming allows you to play a game on one computer when the game process is actually running on another computer elsewhere in your home. Through Steam, game audio and video is captured on the remote computer and sent to the player's computer. The game input (keyboard, mouse or gamepad) is sent from the player's computer to the game process on the remote computer.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "27036", "tcp" ], [ "27037", "tcp" ], [ "27031-27036", "udp" ] ], "protocols": [], "short": "Steam In-Home Streaming", "source_ports": [], "version": "" }, "stellaris": { "description": " Explore a galaxy full of wonders in this sci-fi grand strategy game from Paradox Development Studios. Interact with diverse alien races, discover strange new worlds with unexpected events and expand the reach of your empire. Each new adventure holds almost limitless possibilities. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "17780-17785", "udp" ] ], "protocols": [], "short": "Stellaris", "source_ports": [], "version": "" }, "stronghold-crusader": { "description": " The highly anticipated sequel to the best-selling Stronghold, Stronghold Crusader (HD) throws you into historic battles and castle sieges from the Crusades with fiendish AI opponents, new units, 4 historical campaigns and over 100 unique skirmish missions. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2300-2400", "tcp" ], [ "47624", "tcp" ], [ "2300-2400", "udp" ] ], "protocols": [], "short": "Stronghold Crusader", "source_ports": [], "version": "" }, "submission": { "description": "Submission allows remote client users to submit mail using SMTP over port 587.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "587", "tcp" ] ], "protocols": [], "short": "Mail Submission", "source_ports": [], "version": "" }, "supertuxkart": { "description": " SuperTuxKart is a 3D open-source kart racing game. It aims towards fun for players of all skill levels, with item boxes giving random items, nitro, drifting and more. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "2759", "tcp" ], [ "2759", "udp" ], [ "2757", "udp" ], [ "2757", "tcp" ] ], "protocols": [], "short": "SuperTuxKart", "source_ports": [], "version": "" }, "svdrp": { "description": "The Simple Video Disk Recorder Protocol (SVDRP) allows to control video disk recorder functionality.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6419", "tcp" ], [ "6419", "udp" ] ], "protocols": [], "short": "SVDRP", "source_ports": [], "version": "" }, "svn": { "description": "The custom, unencrypted protocol used the Subversion Version Control System.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3690", "tcp" ] ], "protocols": [], "short": "Subversion", "source_ports": [], "version": "" }, "syncthing": { "description": "Syncthing is a peer-to-peer file synchronization service. Enable this option, if you plan to run the Syncthing service.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "22000", "tcp" ], [ "22000", "udp" ], [ "21027", "udp" ] ], "protocols": [], "short": "Syncthing", "source_ports": [], "version": "" }, "syncthing-gui": { "description": "Enable this option in addition to the Syncthing option to allow traffic to the Syncthing web interface. (Be sure to secure it accordingly).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8384", "tcp" ] ], "protocols": [], "short": "Syncthing GUI", "source_ports": [], "version": "" }, "syncthing-relay": { "description": "Syncthing is a peer-to-peer file synchronization service. Only enable this option if you run a Syncthing relay server. This separate program (syncthing-relaysrv or relaysrv) is not needed for normal Syncthing usage.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "22067", "tcp" ], [ "22070", "tcp" ] ], "protocols": [], "short": "Syncthing Relay", "source_ports": [], "version": "" }, "synergy": { "description": "Synergy lets you easily share your mouse and keyboard between multiple computers, where each computer has its own display. No special hardware is required, all you need is a local area network. Synergy is supported on Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "24800", "tcp" ] ], "protocols": [], "short": "Synergy", "source_ports": [], "version": "" }, "syscomlan": { "description": "Local system communication", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "1065", "tcp" ], [ "1065", "udp" ] ], "protocols": [], "short": "syscomlan", "source_ports": [], "version": "" }, "syslog": { "description": "Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "514", "udp" ] ], "protocols": [], "short": "syslog", "source_ports": [], "version": "" }, "syslog-tls": { "description": "Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called syslogd, syslog daemon or syslog server. Syslog-tls uses TLS encryption to protect the messages during transport.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "6514", "tcp" ], [ "6514", "udp" ] ], "protocols": [], "short": "syslog-tls", "source_ports": [], "version": "" }, "telnet": { "description": "Telnet is a protocol for logging into remote machines. It is unencrypted, and provides little security from network snooping attacks. Enabling telnet is not recommended. You need the telnet-server package installed for this option to be useful.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "23", "tcp" ] ], "protocols": [], "short": "Telnet", "source_ports": [], "version": "" }, "tentacle": { "description": "Tentacle is a protocol for monitoring computer networks. Pandora FMS is one server implementation.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "41121", "tcp" ] ], "protocols": [], "short": "tentacle", "source_ports": [], "version": "" }, "terraria": { "description": " Dig, fight, explore, build! Nothing is impossible in this action-packed adventure game. Four Pack also available! ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "7777", "tcp" ] ], "protocols": [], "short": "Terraria", "source_ports": [], "version": "" }, "tftp": { "description": "The Trivial File Transfer Protocol (TFTP) is a protocol used to transfer files to and from a remote machine in a simple way. It is normally used only for booting diskless workstations and also to transfer data in the Preboot eXecution Environment (PXE).", "destination": {}, "helpers": [ "tftp" ], "includes": [], "modules": [], "ports": [ [ "69", "udp" ] ], "protocols": [], "short": "TFTP", "source_ports": [], "version": "" }, "tile38": { "description": "Tile38 is a geospatial database, spatial index, and realtime geofence.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9851", "tcp" ] ], "protocols": [], "short": "tile38", "source_ports": [], "version": "" }, "tinc": { "description": "tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "655", "tcp" ], [ "655", "udp" ] ], "protocols": [], "short": "tinc VPN", "source_ports": [], "version": "" }, "tor-socks": { "description": "Tor enables online anonymity and censorship resistance by directing Internet traffic through a network of relays. It conceals user's location from anyone conducting network surveillance and traffic analysis. A user wishing to use Tor for anonymity can configure a program such as a web browser to direct traffic to a Tor client using its SOCKS proxy port. Enable this if you run Tor and would like to configure your web browser or other programs to channel their traffic through the Tor SOCKS proxy port. It is recommended that you make this service available only for your computer or your internal networks.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9050", "tcp" ] ], "protocols": [], "short": "Tor - SOCKS Proxy", "source_ports": [], "version": "" }, "transmission-client": { "description": "Transmission is a lightweight BitTorrent client.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "51413", "tcp" ], [ "51413", "udp" ] ], "protocols": [], "short": "Transmission", "source_ports": [], "version": "" }, "upnp-client": { "description": "Universal Plug and Play client for auto-configuration of network routers (use only in trusted zones).", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "UPnP Client", "source_ports": [ [ "1900", "udp" ] ], "version": "" }, "vdsm": { "description": "The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "54321", "tcp" ], [ "5900-6923", "tcp" ], [ "49152-49216", "tcp" ] ], "protocols": [], "short": "oVirt's Virtual Desktop and Server Manager", "source_ports": [], "version": "" }, "vnc-server": { "description": "A VNC server provides an external accessible X session. Enable this option if you plan to provide a VNC server with direct access. The access will be possible for displays :0 to :3. If you plan to provide access with SSH, do not open this option and use the via option of the VNC viewer.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5900-5903", "tcp" ] ], "protocols": [], "short": "Virtual Network Computing Server (VNC)", "source_ports": [], "version": "" }, "vrrp": { "description": "VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN.", "destination": { "ipv4": "224.0.0.18", "ipv6": "FF02:0:0:0:0:0:0:12" }, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [ "112" ], "short": "Virtual Router Redundancy Protocol RFC3768 and RFC5798.", "source_ports": [], "version": "" }, "warpinator": { "description": "Warpinator is a file sharing app developed by Linux Mint. Warpinator allows you to send and receive files between computers that are on the same network without the need for any servers or special configuration.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "42000", "tcp" ], [ "42000", "udp" ], [ "42001", "tcp" ] ], "protocols": [], "short": "Warpinator", "source_ports": [], "version": "" }, "wbem-http": { "description": "Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments. This is the unencrypted protocol variant.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5988", "tcp" ] ], "protocols": [], "short": "wbem-http", "source_ports": [], "version": "" }, "wbem-https": { "description": "Web-Based Enterprise Management (WBEM) is a set of systems management technologies developed to unify the management of distributed computing environments", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5989", "tcp" ] ], "protocols": [], "short": "wbem-https", "source_ports": [], "version": "" }, "wireguard": { "description": "WireGuard is the simple, fast and modern VPN. The port needs to be open if a peer has this host explicitly configured as endpoint.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "51820", "udp" ] ], "protocols": [], "short": "WireGuard", "source_ports": [], "version": "" }, "ws-discovery": { "description": "Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network.", "destination": {}, "helpers": [], "includes": [ "ws-discovery-tcp", "ws-discovery-udp" ], "modules": [], "ports": [], "protocols": [], "short": "WS-Discovery", "source_ports": [], "version": "" }, "ws-discovery-client": { "description": "Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network. Use only in trusted zones.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [], "protocols": [], "short": "WS-Discovery Client", "source_ports": [ [ "3702", "udp" ] ], "version": "" }, "ws-discovery-tcp": { "description": "Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3702", "tcp" ] ], "protocols": [], "short": "WS-Discovery (TCP)", "source_ports": [], "version": "" }, "ws-discovery-udp": { "description": "Web Services Dynamic Discovery (WS-Discovery) is a technical specification that defines a multicast discovery protocol to locate services on a local network.", "destination": { "ipv4": "239.255.255.250", "ipv6": "ff02::c" }, "helpers": [], "includes": [], "modules": [], "ports": [ [ "3702", "udp" ] ], "protocols": [], "short": "WS-Discovery (UDP)", "source_ports": [], "version": "" }, "wsman": { "description": "Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol is unencrypted", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5985", "tcp" ] ], "protocols": [], "short": "wsman", "source_ports": [], "version": "" }, "wsmans": { "description": "Web Services for Management (WSMAN) is a protocol for managing PCs, servers, devices, Web services and other applications. This variant of the protocol uses TLS encryption.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5986", "tcp" ] ], "protocols": [], "short": "wsmans", "source_ports": [], "version": "" }, "xdmcp": { "description": "The X Display Manager Control Protocol (XDMCP) allows to remotely log in to an X desktop environment from any X Window System compatible client.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "177", "tcp" ], [ "177", "udp" ] ], "protocols": [], "short": "XDMCP", "source_ports": [], "version": "" }, "xmpp-bosh": { "description": "Extensible Messaging and Presence Protocol (XMPP) web client protocol allows web based chat clients such as JWChat to connect to the XMPP (Jabber) server. This is also known as the Bidirectional-streams Over Synchronous HTTP (BOSH) protocol. Enable this if you run an XMPP (Jabber) server and you wish web clients to connect to your server.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5280", "tcp" ] ], "protocols": [], "short": "XMPP (Jabber) web client", "source_ports": [], "version": "" }, "xmpp-client": { "description": "Extensible Messaging and Presence Protocol (XMPP) client connection protocol allows XMPP (Jabber) clients such as Empathy, Pidgin, Kopete and Jitsi to connect to an XMPP (Jabber) server. Enable this if you run an XMPP (Jabber) server and you wish clients to be able to connect to the server and communicate with each other.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5222", "tcp" ] ], "protocols": [], "short": "XMPP (Jabber) client", "source_ports": [], "version": "" }, "xmpp-local": { "description": "Serverless XMPP-like communication over local networks based on zero-configuration networking.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5298", "tcp" ] ], "protocols": [], "short": "XMPP Link-Local Messaging", "source_ports": [], "version": "" }, "xmpp-server": { "description": "Extensible Messaging and Presence Protocol (XMPP) server connection protocols allows multiple XMPP (Jabber) servers to work in a federated fashion. Users on one server will be able to see the presence of and communicate with users on another servers. Enable this if you run an XMPP (Jabber) server and you wish users on your server to communicate with users on other XMPP servers.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "5269", "tcp" ] ], "protocols": [], "short": "XMPP (Jabber) server", "source_ports": [], "version": "" }, "zabbix-agent": { "description": "Listen port used by Zabbix agents deployed on monitoring targets.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10050", "tcp" ] ], "protocols": [], "short": "Zabbix Agent", "source_ports": [], "version": "" }, "zabbix-java-gateway": { "description": "Listen port for Zabbix Java Gateway for monitoring Java applications over JMX.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10052", "tcp" ] ], "protocols": [], "short": "Zabbix Java Gateway", "source_ports": [], "version": "" }, "zabbix-server": { "description": "This is an alias for zabbix-trapper. This definition is deprecated in favor of zabbix-trapper.", "destination": {}, "helpers": [], "includes": [ "zabbix-trapper" ], "modules": [], "ports": [], "protocols": [], "short": "Zabbix Server", "source_ports": [], "version": "" }, "zabbix-trapper": { "description": "Trapper port to receive monitoring data used by the Zabbix server and Zabbix proxy.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10051", "tcp" ] ], "protocols": [], "short": "Zabbix Trapper", "source_ports": [], "version": "" }, "zabbix-web-service": { "description": "Listen port of Zabbix web service for receiving HTTP based reporting requests.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "10053", "tcp" ] ], "protocols": [], "short": "Zabbix Web Service", "source_ports": [], "version": "" }, "zero-k": { "description": " With 100+ truly unique units, Zero-K is an RTS of freedom and creativity, tempered by a decade of refinement. Sculpt land into a castle and throw invaders off it with a Jugglenaut. Explore a massive campaign, solo or co-op. Hop online for epic 32 player battles or fast paced 1v1, on 100s of maps. ", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "8452", "udp" ] ], "protocols": [], "short": "Zero-K", "source_ports": [], "version": "" }, "zerotier": { "description": "ZeroTier creates secure networks between on-premise, cloud, desktop, and mobile devices.", "destination": {}, "helpers": [], "includes": [], "modules": [], "ports": [ [ "9993", "udp" ] ], "protocols": [], "short": "ZeroTier", "source_ports": [], "version": "" } }, "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item={'tos-host-redirect': {'version': '', 'short': 'TOS Host Redirect', 'description': 'This message is the datagram is redirected for the type of service and host.', 'destination': ['ipv4']}, 'fragmentation-needed': {'version': '', 'short': 'Fragmentation Needed', 'description': 'This error message is sent if fragmentation is required, and Don not Fragment (DF) flag is set.', 'destination': ['ipv4']}, 'host-redirect': {'version': '', 'short': 'Host Redirect', 'description': 'This message is sent if the datagram is redirected for the host.', 'destination': ['ipv4']}, 'required-option-missing': {'version': '', 'short': 'Required Option Missing', 'description': 'This message is sent if a required option is missing.', 'destination': ['ipv4']}, 'unknown-option': {'version': '', 'short': 'Unknown Option', 'description': 'This error message is sent if an unrecognized IPv6 option encountered.', 'destination': ['ipv6']}, 'router-advertisement': {'version': '', 'short': 'Router Advertisement', 'description': 'This message is used by routers to periodically announce the IP address of a multicast interface.', 'destination': []}, 'ip-header-bad': {'version': '', 'short': 'Ip Header Bad', 'description': 'This error message is sent if the IP header is bad.', 'destination': ['ipv4']}, 'source-route-failed': {'version': '', 'short': 'Source Route Failed', 'description': 'This message is sent if the source route has failed.', 'destination': ['ipv4']}, 'address-unreachable': {'version': '', 'short': 'Address Unreachable', 'description': 'This error message is generated by a router, or by the IPv6 layer in the originating node, in response to a packet that cannot be delivered to its destination address for reasons other than congestion.', 'destination': ['ipv6']}, 'network-unknown': {'version': '', 'short': 'Network Unknown', 'description': 'This message is sent if the destination network is unknown.', 'destination': ['ipv4']}, 'network-redirect': {'version': '', 'short': 'Network Redirect', 'description': 'This message is sent if the datagram is redirected for the network.', 'destination': ['ipv4']}, 'redirect': {'version': '', 'short': 'Redirect', 'description': 'This error message informs a host to send packets on another route.', 'destination': []}, 'reject-route': {'version': '', 'short': 'Reject Route', 'description': 'This error message is sent if the route to destination is rejected.', 'destination': ['ipv6']}, 'mld-listener-done': {'version': '', 'short': 'MLD Listener Done', 'description': 'ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Done (type 132) (RFC 4890 section 4.4.1). Also known as mld-listener-reduction to nft.', 'destination': ['ipv6']}, 'packet-too-big': {'version': '', 'short': 'Packet Too Big', 'description': 'This error message is sent by a router in response to a packet that it cannot forward because the packet is larger than the MTU of the outgoing link.', 'destination': ['ipv6']}, 'precedence-cutoff': {'version': '', 'short': 'Precedence Cutoff', 'description': 'This message is sent if the precedence is lower than the required minimum.', 'destination': ['ipv4']}, 'protocol-unreachable': {'version': '', 'short': 'Protocol Unreachable', 'description': 'This message is sent if the destination protocol is unreachable.', 'destination': ['ipv4']}, 'communication-prohibited': {'version': '', 'short': 'Communication Prohibited', 'description': 'This error message is sent if communication with destination administratively prohibited.', 'destination': ['ipv4', 'ipv6']}, 'no-route': {'version': '', 'short': 'No Route', 'description': 'This error message is set if there is no route to the destination.', 'destination': ['ipv6']}, 'host-precedence-violation': {'version': '', 'short': 'Host Precedence Violation', 'description': 'This error message is sent if the communication administratively prohibited.', 'destination': ['ipv4']}, 'source-quench': {'version': '', 'short': 'Source Quench', 'description': 'This error message is generated to tell a host to reduce the pace at which it is sending packets.', 'destination': ['ipv4']}, 'port-unreachable': {'version': '', 'short': 'Port Unreachable', 'description': 'This error message is sent if the port unreachable.', 'destination': ['ipv4', 'ipv6']}, 'time-exceeded': {'version': '', 'short': 'Time Exceeded', 'description': 'This error message is generated if the time-to-live was exceeded either of a packet or of the reassembling of a fragmented packet.', 'destination': []}, 'mld-listener-report': {'version': '', 'short': 'MLD Listener Report', 'description': 'ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Report (type 131) (RFC 4890 section 4.4.1).', 'destination': ['ipv6']}, 'echo-request': {'version': '', 'short': 'Echo Request (ping)', 'description': 'This message is used to test if a host is reachable mostly with the ping utility.', 'destination': []}, 'unknown-header-type': {'version': '', 'short': 'Unknown Header Type', 'description': 'This error message is sent if an unrecognized Next Header type encountered.', 'destination': ['ipv6']}, 'mld-listener-query': {'version': '', 'short': 'MLD Listener Query', 'description': 'ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Query (type 130) (RFC 4890 section 4.4.1).', 'destination': ['ipv6']}, 'bad-header': {'version': '', 'short': 'Bad Header', 'description': 'This error message is created if there has been an error in the header of a packet.', 'destination': ['ipv6']}, 'parameter-problem': {'version': '', 'short': 'Parameter Problem', 'description': 'This error message is generated if the IP header is bad, either by a missing option or bad length.', 'destination': []}, 'beyond-scope': {'version': '', 'short': 'Beyond Scope', 'description': 'This error message is sent if transmitting a package would cross a zone boundary of the scope of the source address.', 'destination': ['ipv6']}, 'host-unreachable': {'version': '', 'short': 'Host Unreachable', 'description': 'This error message is sent if the destination host is unreachable.', 'destination': ['ipv4']}, 'host-unknown': {'version': '', 'short': 'Host Unknown', 'description': 'This error message is sent if the destination host is unknown.', 'destination': ['ipv4']}, 'mld2-listener-report': {'version': '', 'short': 'MLDv2 Multicast Listener Report', 'description': 'ICMPv6 Link-Local Multicast Listener Discovery (MDLv2) of type Multicast Listener Report (type 143) (RFC 4890 section 4.4.1).', 'destination': ['ipv6']}, 'router-solicitation': {'version': '', 'short': 'Router Solicitation', 'description': 'This message is used by a host attached to a multicast link to request a Router Advertisement.', 'destination': []}, 'timestamp-reply': {'version': '', 'short': 'Timestamp Reply', 'description': 'This message is used to reply to a timestamp message.', 'destination': ['ipv4']}, 'tos-network-unreachable': {'version': '', 'short': 'TOS Network Unreachable', 'description': 'This error message is sent if the network is unreachable for the type of service.', 'destination': ['ipv4']}, 'network-unreachable': {'version': '', 'short': 'Network Unreachable', 'description': 'This message is sent if the destination network is unreachable.', 'destination': ['ipv4']}, 'timestamp-request': {'version': '', 'short': 'Timestamp Request', 'description': 'This message is used for time synchronization.', 'destination': ['ipv4']}, 'ttl-zero-during-transit': {'version': '', 'short': 'TTL Zero During Transit', 'description': 'This error message is sent if the time to live exceeded in transit.', 'destination': ['ipv4', 'ipv6']}, 'host-prohibited': {'version': '', 'short': 'Host Prohibited', 'description': 'This error message is sent if access from a host administratively prohibited.', 'destination': ['ipv4']}, 'destination-unreachable': {'version': '', 'short': 'Destination Unreachable', 'description': 'This error message is generated by a host or gateway if the destination is not reachable.', 'destination': []}, 'tos-network-redirect': {'version': '', 'short': 'TOS Network Redirect', 'description': 'This message is sent if the datagram is redirected for the type of service and network.', 'destination': ['ipv4']}, 'failed-policy': {'version': '', 'short': 'Failed Policy', 'description': 'This error message is generated if the source address failed ingress/egress policy.', 'destination': ['ipv6']}, 'echo-reply': {'version': '', 'short': 'Echo Reply (pong)', 'description': 'This message is the answer to an Echo Request.', 'destination': []}, 'network-prohibited': {'version': '', 'short': 'Network Prohibited', 'description': 'This message is sent if the network is administratively prohibited.', 'destination': ['ipv4']}, 'tos-host-unreachable': {'version': '', 'short': 'TOS Host Unreachable', 'description': 'This message is sent if the host is unreachable for the type of service.', 'destination': ['ipv4']}, 'ttl-zero-during-reassembly': {'version': '', 'short': 'TTL Zero During Reassembly', 'description': 'This error message is sent if a host fails to reassemble a fragmented datagram within its time limit.', 'destination': ['ipv4', 'ipv6']}, 'neighbour-advertisement': {'version': '', 'short': 'Neighbour Advertisement (Neighbor Advertisement)', 'description': 'This informational message is sent in response to a neighbour-solicitation message in order to (unreliably) propagate new information quickly.', 'destination': ['ipv6']}, 'neighbour-solicitation': {'version': '', 'short': 'Neighbour Solicitation (Neighbor Solicitation)', 'description': 'This informational message is sent by a node to determine the link-layer address of a neighbor, or to verify that a neighbor is still reachable via a cached link-layer address. Neighbor Solicitations are also used for Duplicate Address Detection.', 'destination': ['ipv6']}}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "item is not mapping", "item": { "address-unreachable": { "description": "This error message is generated by a router, or by the IPv6 layer in the originating node, in response to a packet that cannot be delivered to its destination address for reasons other than congestion.", "destination": [ "ipv6" ], "short": "Address Unreachable", "version": "" }, "bad-header": { "description": "This error message is created if there has been an error in the header of a packet.", "destination": [ "ipv6" ], "short": "Bad Header", "version": "" }, "beyond-scope": { "description": "This error message is sent if transmitting a package would cross a zone boundary of the scope of the source address.", "destination": [ "ipv6" ], "short": "Beyond Scope", "version": "" }, "communication-prohibited": { "description": "This error message is sent if communication with destination administratively prohibited.", "destination": [ "ipv4", "ipv6" ], "short": "Communication Prohibited", "version": "" }, "destination-unreachable": { "description": "This error message is generated by a host or gateway if the destination is not reachable.", "destination": [], "short": "Destination Unreachable", "version": "" }, "echo-reply": { "description": "This message is the answer to an Echo Request.", "destination": [], "short": "Echo Reply (pong)", "version": "" }, "echo-request": { "description": "This message is used to test if a host is reachable mostly with the ping utility.", "destination": [], "short": "Echo Request (ping)", "version": "" }, "failed-policy": { "description": "This error message is generated if the source address failed ingress/egress policy.", "destination": [ "ipv6" ], "short": "Failed Policy", "version": "" }, "fragmentation-needed": { "description": "This error message is sent if fragmentation is required, and Don not Fragment (DF) flag is set.", "destination": [ "ipv4" ], "short": "Fragmentation Needed", "version": "" }, "host-precedence-violation": { "description": "This error message is sent if the communication administratively prohibited.", "destination": [ "ipv4" ], "short": "Host Precedence Violation", "version": "" }, "host-prohibited": { "description": "This error message is sent if access from a host administratively prohibited.", "destination": [ "ipv4" ], "short": "Host Prohibited", "version": "" }, "host-redirect": { "description": "This message is sent if the datagram is redirected for the host.", "destination": [ "ipv4" ], "short": "Host Redirect", "version": "" }, "host-unknown": { "description": "This error message is sent if the destination host is unknown.", "destination": [ "ipv4" ], "short": "Host Unknown", "version": "" }, "host-unreachable": { "description": "This error message is sent if the destination host is unreachable.", "destination": [ "ipv4" ], "short": "Host Unreachable", "version": "" }, "ip-header-bad": { "description": "This error message is sent if the IP header is bad.", "destination": [ "ipv4" ], "short": "Ip Header Bad", "version": "" }, "mld-listener-done": { "description": "ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Done (type 132) (RFC 4890 section 4.4.1). Also known as mld-listener-reduction to nft.", "destination": [ "ipv6" ], "short": "MLD Listener Done", "version": "" }, "mld-listener-query": { "description": "ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Query (type 130) (RFC 4890 section 4.4.1).", "destination": [ "ipv6" ], "short": "MLD Listener Query", "version": "" }, "mld-listener-report": { "description": "ICMPv6 Link-Local Multicast Listener Discovery (MDL) of type Multicast Listener Report (type 131) (RFC 4890 section 4.4.1).", "destination": [ "ipv6" ], "short": "MLD Listener Report", "version": "" }, "mld2-listener-report": { "description": "ICMPv6 Link-Local Multicast Listener Discovery (MDLv2) of type Multicast Listener Report (type 143) (RFC 4890 section 4.4.1).", "destination": [ "ipv6" ], "short": "MLDv2 Multicast Listener Report", "version": "" }, "neighbour-advertisement": { "description": "This informational message is sent in response to a neighbour-solicitation message in order to (unreliably) propagate new information quickly.", "destination": [ "ipv6" ], "short": "Neighbour Advertisement (Neighbor Advertisement)", "version": "" }, "neighbour-solicitation": { "description": "This informational message is sent by a node to determine the link-layer address of a neighbor, or to verify that a neighbor is still reachable via a cached link-layer address. Neighbor Solicitations are also used for Duplicate Address Detection.", "destination": [ "ipv6" ], "short": "Neighbour Solicitation (Neighbor Solicitation)", "version": "" }, "network-prohibited": { "description": "This message is sent if the network is administratively prohibited.", "destination": [ "ipv4" ], "short": "Network Prohibited", "version": "" }, "network-redirect": { "description": "This message is sent if the datagram is redirected for the network.", "destination": [ "ipv4" ], "short": "Network Redirect", "version": "" }, "network-unknown": { "description": "This message is sent if the destination network is unknown.", "destination": [ "ipv4" ], "short": "Network Unknown", "version": "" }, "network-unreachable": { "description": "This message is sent if the destination network is unreachable.", "destination": [ "ipv4" ], "short": "Network Unreachable", "version": "" }, "no-route": { "description": "This error message is set if there is no route to the destination.", "destination": [ "ipv6" ], "short": "No Route", "version": "" }, "packet-too-big": { "description": "This error message is sent by a router in response to a packet that it cannot forward because the packet is larger than the MTU of the outgoing link.", "destination": [ "ipv6" ], "short": "Packet Too Big", "version": "" }, "parameter-problem": { "description": "This error message is generated if the IP header is bad, either by a missing option or bad length.", "destination": [], "short": "Parameter Problem", "version": "" }, "port-unreachable": { "description": "This error message is sent if the port unreachable.", "destination": [ "ipv4", "ipv6" ], "short": "Port Unreachable", "version": "" }, "precedence-cutoff": { "description": "This message is sent if the precedence is lower than the required minimum.", "destination": [ "ipv4" ], "short": "Precedence Cutoff", "version": "" }, "protocol-unreachable": { "description": "This message is sent if the destination protocol is unreachable.", "destination": [ "ipv4" ], "short": "Protocol Unreachable", "version": "" }, "redirect": { "description": "This error message informs a host to send packets on another route.", "destination": [], "short": "Redirect", "version": "" }, "reject-route": { "description": "This error message is sent if the route to destination is rejected.", "destination": [ "ipv6" ], "short": "Reject Route", "version": "" }, "required-option-missing": { "description": "This message is sent if a required option is missing.", "destination": [ "ipv4" ], "short": "Required Option Missing", "version": "" }, "router-advertisement": { "description": "This message is used by routers to periodically announce the IP address of a multicast interface.", "destination": [], "short": "Router Advertisement", "version": "" }, "router-solicitation": { "description": "This message is used by a host attached to a multicast link to request a Router Advertisement.", "destination": [], "short": "Router Solicitation", "version": "" }, "source-quench": { "description": "This error message is generated to tell a host to reduce the pace at which it is sending packets.", "destination": [ "ipv4" ], "short": "Source Quench", "version": "" }, "source-route-failed": { "description": "This message is sent if the source route has failed.", "destination": [ "ipv4" ], "short": "Source Route Failed", "version": "" }, "time-exceeded": { "description": "This error message is generated if the time-to-live was exceeded either of a packet or of the reassembling of a fragmented packet.", "destination": [], "short": "Time Exceeded", "version": "" }, "timestamp-reply": { "description": "This message is used to reply to a timestamp message.", "destination": [ "ipv4" ], "short": "Timestamp Reply", "version": "" }, "timestamp-request": { "description": "This message is used for time synchronization.", "destination": [ "ipv4" ], "short": "Timestamp Request", "version": "" }, "tos-host-redirect": { "description": "This message is the datagram is redirected for the type of service and host.", "destination": [ "ipv4" ], "short": "TOS Host Redirect", "version": "" }, "tos-host-unreachable": { "description": "This message is sent if the host is unreachable for the type of service.", "destination": [ "ipv4" ], "short": "TOS Host Unreachable", "version": "" }, "tos-network-redirect": { "description": "This message is sent if the datagram is redirected for the type of service and network.", "destination": [ "ipv4" ], "short": "TOS Network Redirect", "version": "" }, "tos-network-unreachable": { "description": "This error message is sent if the network is unreachable for the type of service.", "destination": [ "ipv4" ], "short": "TOS Network Unreachable", "version": "" }, "ttl-zero-during-reassembly": { "description": "This error message is sent if a host fails to reassemble a fragmented datagram within its time limit.", "destination": [ "ipv4", "ipv6" ], "short": "TTL Zero During Reassembly", "version": "" }, "ttl-zero-during-transit": { "description": "This error message is sent if the time to live exceeded in transit.", "destination": [ "ipv4", "ipv6" ], "short": "TTL Zero During Transit", "version": "" }, "unknown-header-type": { "description": "This error message is sent if an unrecognized Next Header type encountered.", "destination": [ "ipv6" ], "short": "Unknown Header Type", "version": "" }, "unknown-option": { "description": "This error message is sent if an unrecognized IPv6 option encountered.", "destination": [ "ipv6" ], "short": "Unknown Option", "version": "" } }, "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item={'irc': {'version': '', 'short': '', 'description': '', 'family': 'ipv4', 'module': 'nf_conntrack_irc', 'port': [['194', 'tcp']]}, 'netbios-ns': {'version': '', 'short': '', 'description': '', 'family': 'ipv4', 'module': 'nf_conntrack_netbios_ns', 'port': [['137', 'udp']]}, 'amanda': {'version': '', 'short': '', 'description': '', 'family': '', 'module': 'nf_conntrack_amanda', 'port': [['10080', 'udp']]}, 'sane': {'version': '', 'short': '', 'description': '', 'family': '', 'module': 'nf_conntrack_sane', 'port': [['6566', 'tcp']]}, 'sip': {'version': '', 'short': '', 'description': '', 'family': '', 'module': 'nf_conntrack_sip', 'port': [['5060', 'tcp'], ['5060', 'udp']]}, 'tftp': {'version': '', 'short': '', 'description': '', 'family': '', 'module': 'nf_conntrack_tftp', 'port': [['69', 'udp']]}, 'Q.931': {'version': '', 'short': '', 'description': '', 'family': '', 'module': 'nf_conntrack_h323', 'port': [['1720', 'tcp']]}, 'RAS': {'version': '', 'short': '', 'description': '', 'family': '', 'module': 'nf_conntrack_h323', 'port': [['1719', 'udp']]}, 'proto-gre': {'version': '', 'short': '', 'description': '', 'family': '', 'module': 'nf_conntrack_proto_gre', 'port': []}, 'pptp': {'version': '', 'short': '', 'description': '', 'family': 'ipv4', 'module': 'nf_conntrack_pptp', 'port': [['1723', 'tcp']]}, 'h323': {'version': '', 'short': '', 'description': '', 'family': '', 'module': 'nf_conntrack_h323', 'port': []}, 'ftp': {'version': '', 'short': '', 'description': '', 'family': '', 'module': 'nf_conntrack_ftp', 'port': [['21', 'tcp']]}, 'snmp': {'version': '', 'short': '', 'description': '', 'family': 'ipv4', 'module': 'nf_conntrack_snmp', 'port': [['161', 'udp']]}}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "item is not mapping", "item": { "Q.931": { "description": "", "family": "", "module": "nf_conntrack_h323", "port": [ [ "1720", "tcp" ] ], "short": "", "version": "" }, "RAS": { "description": "", "family": "", "module": "nf_conntrack_h323", "port": [ [ "1719", "udp" ] ], "short": "", "version": "" }, "amanda": { "description": "", "family": "", "module": "nf_conntrack_amanda", "port": [ [ "10080", "udp" ] ], "short": "", "version": "" }, "ftp": { "description": "", "family": "", "module": "nf_conntrack_ftp", "port": [ [ "21", "tcp" ] ], "short": "", "version": "" }, "h323": { "description": "", "family": "", "module": "nf_conntrack_h323", "port": [], "short": "", "version": "" }, "irc": { "description": "", "family": "ipv4", "module": "nf_conntrack_irc", "port": [ [ "194", "tcp" ] ], "short": "", "version": "" }, "netbios-ns": { "description": "", "family": "ipv4", "module": "nf_conntrack_netbios_ns", "port": [ [ "137", "udp" ] ], "short": "", "version": "" }, "pptp": { "description": "", "family": "ipv4", "module": "nf_conntrack_pptp", "port": [ [ "1723", "tcp" ] ], "short": "", "version": "" }, "proto-gre": { "description": "", "family": "", "module": "nf_conntrack_proto_gre", "port": [], "short": "", "version": "" }, "sane": { "description": "", "family": "", "module": "nf_conntrack_sane", "port": [ [ "6566", "tcp" ] ], "short": "", "version": "" }, "sip": { "description": "", "family": "", "module": "nf_conntrack_sip", "port": [ [ "5060", "tcp" ], [ "5060", "udp" ] ], "short": "", "version": "" }, "snmp": { "description": "", "family": "ipv4", "module": "nf_conntrack_snmp", "port": [ [ "161", "udp" ] ], "short": "", "version": "" }, "tftp": { "description": "", "family": "", "module": "nf_conntrack_tftp", "port": [ [ "69", "udp" ] ], "short": "", "version": "" } }, "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item={'allow-host-ipv6': {'description': 'Allows basic IPv6 functionality for the host running firewalld.', 'egress_zones': ['HOST'], 'forward_ports': [], 'icmp_blocks': [], 'ingress_zones': ['ANY'], 'masquerade': False, 'ports': [], 'priority': -15000, 'protocols': [], 'rich_rules': ['rule family="ipv6" icmp-type name="neighbour-advertisement" accept', 'rule family="ipv6" icmp-type name="neighbour-solicitation" accept', 'rule family="ipv6" icmp-type name="router-advertisement" accept', 'rule family="ipv6" icmp-type name="redirect" accept'], 'services': [], 'short': 'Allow host IPv6', 'source_ports': [], 'target': 'CONTINUE', 'version': ''}}) => { "ansible_loop_var": "item", "changed": false, "false_condition": "item is not mapping", "item": { "allow-host-ipv6": { "description": "Allows basic IPv6 functionality for the host running firewalld.", "egress_zones": [ "HOST" ], "forward_ports": [], "icmp_blocks": [], "ingress_zones": [ "ANY" ], "masquerade": false, "ports": [], "priority": -15000, "protocols": [], "rich_rules": [ "rule family=\"ipv6\" icmp-type name=\"neighbour-advertisement\" accept", "rule family=\"ipv6\" icmp-type name=\"neighbour-solicitation\" accept", "rule family=\"ipv6\" icmp-type name=\"router-advertisement\" accept", "rule family=\"ipv6\" icmp-type name=\"redirect\" accept" ], "services": [], "short": "Allow host IPv6", "source_ports": [], "target": "CONTINUE", "version": "" } }, "skip_reason": "Conditional result was False" } skipping: [managed_node1] => { "changed": false } MSG: All items skipped TASK [Fail if custom firewall_config is not its previous value] **************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:111 Saturday 27 July 2024 02:27:14 -0400 (0:00:00.399) 0:00:21.952 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall_config.custom != __previous_firewall_config.custom", "skip_reason": "Conditional result was False" } TASK [Fail if default zone differs] ******************************************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:116 Saturday 27 July 2024 02:27:14 -0400 (0:00:00.023) 0:00:21.975 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall_config.default_zone != __previous_firewall_config.default_zone", "skip_reason": "Conditional result was False" } TASK [Cleanup] ***************************************************************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:122 Saturday 27 July 2024 02:27:14 -0400 (0:00:00.020) 0:00:21.996 ********* included: fedora.linux_system_roles.firewall for managed_node1 => (item=(censored due to no_log)) TASK [fedora.linux_system_roles.firewall : Setup firewalld] ******************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:2 Saturday 27 July 2024 02:27:14 -0400 (0:00:00.079) 0:00:22.076 ********* included: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml for managed_node1 TASK [fedora.linux_system_roles.firewall : Ensure ansible_facts used by role] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:2 Saturday 27 July 2024 02:27:14 -0400 (0:00:00.024) 0:00:22.100 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_required_facts | difference(ansible_facts.keys() | list) | length > 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if system is ostree] ********** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:10 Saturday 27 July 2024 02:27:14 -0400 (0:00:00.024) 0:00:22.125 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag to indicate system is ostree] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:15 Saturday 27 July 2024 02:27:14 -0400 (0:00:00.019) 0:00:22.145 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_ostree is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Check if transactional-update exists in /sbin] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:22 Saturday 27 July 2024 02:27:14 -0400 (0:00:00.018) 0:00:22.163 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_transactional is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Set flag if transactional-update exists] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:27 Saturday 27 July 2024 02:27:14 -0400 (0:00:00.021) 0:00:22.185 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "not __firewall_is_transactional is defined", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Install firewalld] ****************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:31 Saturday 27 July 2024 02:27:14 -0400 (0:00:00.018) 0:00:22.203 ********* ok: [managed_node1] => { "changed": false, "rc": 0, "results": [] } MSG: Nothing to do lsrpackages: firewalld TASK [fedora.linux_system_roles.firewall : Notify user that reboot is needed to apply changes] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:43 Saturday 27 July 2024 02:27:15 -0400 (0:00:01.324) 0:00:23.528 ********* skipping: [managed_node1] => { "false_condition": "__firewall_is_transactional | d(false)" } TASK [fedora.linux_system_roles.firewall : Reboot transactional update systems] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:48 Saturday 27 July 2024 02:27:15 -0400 (0:00:00.020) 0:00:23.549 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_is_transactional | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Fail if reboot is needed and not set] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:53 Saturday 27 July 2024 02:27:15 -0400 (0:00:00.020) 0:00:23.570 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_is_transactional | d(false)", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Collect service facts] ************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:5 Saturday 27 July 2024 02:27:15 -0400 (0:00:00.019) 0:00:23.589 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Attempt to stop and disable conflicting services] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:9 Saturday 27 July 2024 02:27:15 -0400 (0:00:00.017) 0:00:23.607 ********* skipping: [managed_node1] => (item=nftables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "nftables", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=iptables) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "iptables", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => (item=ufw) => { "ansible_loop_var": "item", "changed": false, "false_condition": "firewall_disable_conflicting_services | bool", "item": "ufw", "skip_reason": "Conditional result was False" } skipping: [managed_node1] => { "changed": false } MSG: All items skipped TASK [fedora.linux_system_roles.firewall : Unmask firewalld service] *********** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 Saturday 27 July 2024 02:27:15 -0400 (0:00:00.027) 0:00:23.634 ********* ok: [managed_node1] => { "changed": false, "name": "firewalld", "status": { "AccessSELinuxContext": "system_u:object_r:firewalld_unit_file_t:s0", "ActiveEnterTimestamp": "Sat 2024-07-27 02:19:20 EDT", "ActiveEnterTimestampMonotonic": "305170350", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target dbus.socket dbus-broker.service sysinit.target polkit.service", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-07-27 02:19:18 EDT", "AssertTimestampMonotonic": "303370926", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "14090918000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ConditionTimestampMonotonic": "303370923", "ConfigurationDirectoryMode": "0755", "Conflicts": "ip6tables.service nftables.service shutdown.target ipset.service iptables.service ebtables.service", "ControlGroup": "/system.slice/firewalld.service", "ControlGroupId": "5236", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DropInPaths": "/usr/lib/systemd/system/service.d/10-timeout-abort.conf", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "2253", "ExecMainStartTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ExecMainStartTimestampMonotonic": "303377085", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2024-07-27 02:19:18 EDT", "InactiveExitTimestampMonotonic": "303377328", "InvocationID": "00a6abfca41b4462b19b428e9e3a7565", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14725", "LimitNPROCSoft": "14725", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14725", "LimitSIGPENDINGSoft": "14725", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "2253", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "3370401792", "MemoryCurrent": "41103360", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "42455040", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "0", "MemorySwapMax": "infinity", "MemorySwapPeak": "0", "MemoryZSwapCurrent": "0", "MemoryZSwapMax": "infinity", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "100ms", "RestartUSecNext": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestamp": "Sat 2024-07-27 02:22:50 EDT", "StateChangeTimestampMonotonic": "515277532", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "4", "TasksMax": "4417", "TimeoutAbortUSec": "45s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "45s", "TimeoutStopFailureMode": "abort", "TimeoutStopUSec": "45s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Enable and start firewalld service] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 Saturday 27 July 2024 02:27:16 -0400 (0:00:00.543) 0:00:24.178 ********* ok: [managed_node1] => { "changed": false, "enabled": true, "name": "firewalld", "state": "started", "status": { "AccessSELinuxContext": "system_u:object_r:firewalld_unit_file_t:s0", "ActiveEnterTimestamp": "Sat 2024-07-27 02:19:20 EDT", "ActiveEnterTimestampMonotonic": "305170350", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice basic.target dbus.socket dbus-broker.service sysinit.target polkit.service", "AllowIsolate": "no", "AssertResult": "yes", "AssertTimestamp": "Sat 2024-07-27 02:19:18 EDT", "AssertTimestampMonotonic": "303370926", "Before": "network-pre.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "BusName": "org.fedoraproject.FirewallD1", "CPUAccounting": "yes", "CPUAffinityFromNUMA": "no", "CPUQuotaPerSecUSec": "infinity", "CPUQuotaPeriodUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "14090918000", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanFreeze": "yes", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf cap_checkpoint_restore", "CleanResult": "success", "CollectMode": "inactive", "ConditionResult": "yes", "ConditionTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ConditionTimestampMonotonic": "303370923", "ConfigurationDirectoryMode": "0755", "Conflicts": "ip6tables.service nftables.service shutdown.target ipset.service iptables.service ebtables.service", "ControlGroup": "/system.slice/firewalld.service", "ControlGroupId": "5236", "ControlPID": "0", "CoredumpFilter": "0x33", "CoredumpReceive": "no", "DefaultDependencies": "yes", "DefaultMemoryLow": "0", "DefaultMemoryMin": "0", "DefaultStartupMemoryLow": "0", "Delegate": "no", "Description": "firewalld - dynamic firewall daemon", "DevicePolicy": "auto", "Documentation": "\"man:firewalld(1)\"", "DropInPaths": "/usr/lib/systemd/system/service.d/10-timeout-abort.conf", "DynamicUser": "no", "EnvironmentFiles": "/etc/sysconfig/firewalld (ignore_errors=yes)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "2253", "ExecMainStartTimestamp": "Sat 2024-07-27 02:19:18 EDT", "ExecMainStartTimestampMonotonic": "303377085", "ExecMainStatus": "0", "ExecReload": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecReloadEx": "{ path=/bin/kill ; argv[]=/bin/kill -HUP $MAINPID ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStartEx": "{ path=/usr/sbin/firewalld ; argv[]=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS ; flags= ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExitType": "main", "ExtensionImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FileDescriptorStorePreserve": "restart", "FinalKillSignal": "9", "FragmentPath": "/usr/lib/systemd/system/firewalld.service", "FreezerState": "running", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOReadBytes": "[not set]", "IOReadOperations": "[not set]", "IOSchedulingClass": "2", "IOSchedulingPriority": "4", "IOWeight": "[not set]", "IOWriteBytes": "[not set]", "IOWriteOperations": "[not set]", "IPAccounting": "no", "IPEgressBytes": "[no data]", "IPEgressPackets": "[no data]", "IPIngressBytes": "[no data]", "IPIngressPackets": "[no data]", "Id": "firewalld.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Sat 2024-07-27 02:19:18 EDT", "InactiveExitTimestampMonotonic": "303377328", "InvocationID": "00a6abfca41b4462b19b428e9e3a7565", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "mixed", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "8388608", "LimitMEMLOCKSoft": "8388608", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "524288", "LimitNOFILESoft": "1024", "LimitNPROC": "14725", "LimitNPROCSoft": "14725", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "14725", "LimitSIGPENDINGSoft": "14725", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "2253", "ManagedOOMMemoryPressure": "auto", "ManagedOOMMemoryPressureLimit": "0", "ManagedOOMPreference": "none", "ManagedOOMSwap": "auto", "MemoryAccounting": "yes", "MemoryAvailable": "3392614400", "MemoryCurrent": "41103360", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryKSM": "no", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemoryMin": "0", "MemoryPeak": "42455040", "MemoryPressureThresholdUSec": "200ms", "MemoryPressureWatch": "auto", "MemorySwapCurrent": "0", "MemorySwapMax": "infinity", "MemorySwapPeak": "0", "MemoryZSwapCurrent": "0", "MemoryZSwapMax": "infinity", "MountAPIVFS": "no", "MountImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAPolicy": "n/a", "Names": "firewalld.service dbus-org.fedoraproject.FirewallD1.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMPolicy": "stop", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "OnSuccessJobMode": "fail", "Perpetual": "no", "PrivateDevices": "no", "PrivateIPC": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProcSubset": "all", "ProtectClock": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectHostname": "no", "ProtectKernelLogs": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectProc": "default", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "ReloadResult": "success", "ReloadSignal": "1", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "dbus.socket sysinit.target system.slice", "Restart": "no", "RestartKillSignal": "15", "RestartMaxDelayUSec": "infinity", "RestartMode": "normal", "RestartSteps": "0", "RestartUSec": "100ms", "RestartUSecNext": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RootEphemeral": "no", "RootImagePolicy": "root=verity+signed+encrypted+unprotected+absent:usr=verity+signed+encrypted+unprotected+absent:home=encrypted+unprotected+absent:srv=encrypted+unprotected+absent:tmp=encrypted+unprotected+absent:var=encrypted+unprotected+absent", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "RuntimeRandomizedExtraUSec": "0", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "SetLoginEnvironment": "no", "Slice": "system.slice", "StandardError": "null", "StandardInput": "null", "StandardOutput": "null", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StartupMemoryHigh": "infinity", "StartupMemoryLow": "0", "StartupMemoryMax": "infinity", "StartupMemorySwapMax": "infinity", "StartupMemoryZSwapMax": "infinity", "StateChangeTimestamp": "Sat 2024-07-27 02:22:50 EDT", "StateChangeTimestampMonotonic": "515277532", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SuccessAction": "none", "SurviveFinalKillSignal": "no", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "2147483646", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "4", "TasksMax": "4417", "TimeoutAbortUSec": "45s", "TimeoutCleanUSec": "infinity", "TimeoutStartFailureMode": "terminate", "TimeoutStartUSec": "45s", "TimeoutStopFailureMode": "abort", "TimeoutStopUSec": "45s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "dbus", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "enabled", "UnitFileState": "enabled", "UtmpMode": "init", "WantedBy": "multi-user.target", "Wants": "network-pre.target", "WatchdogSignal": "6", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } TASK [fedora.linux_system_roles.firewall : Check if previous replaced is defined] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:34 Saturday 27 July 2024 02:27:16 -0400 (0:00:00.556) 0:00:24.734 ********* ok: [managed_node1] => { "ansible_facts": { "__firewall_previous_replaced": false, "__firewall_python_cmd": "/usr/bin/python3.12", "__firewall_report_changed": true }, "changed": false } TASK [fedora.linux_system_roles.firewall : Get config files, checksums before and remove] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Saturday 27 July 2024 02:27:17 -0400 (0:00:00.031) 0:00:24.766 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Tell firewall module it is able to report changed] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:55 Saturday 27 July 2024 02:27:17 -0400 (0:00:00.019) 0:00:24.785 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Configure firewall] ***************** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:71 Saturday 27 July 2024 02:27:17 -0400 (0:00:00.018) 0:00:24.803 ********* skipping: [managed_node1] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Gather firewall config information] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 Saturday 27 July 2024 02:27:17 -0400 (0:00:00.029) 0:00:24.832 ********* skipping: [managed_node1] => { "changed": false, "skipped_reason": "No items in the list" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:130 Saturday 27 July 2024 02:27:17 -0400 (0:00:00.026) 0:00:24.858 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "'detailed' in fw[0]", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Gather firewall config if no arguments] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:139 Saturday 27 July 2024 02:27:17 -0400 (0:00:00.028) 0:00:24.887 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Update firewalld_config fact] ******* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:144 Saturday 27 July 2024 02:27:17 -0400 (0:00:00.020) 0:00:24.907 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "firewall == None or firewall | length == 0", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Get config files, checksums after] *** task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:153 Saturday 27 July 2024 02:27:17 -0400 (0:00:00.020) 0:00:24.928 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Calculate what has changed] ********* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:163 Saturday 27 July 2024 02:27:17 -0400 (0:00:00.020) 0:00:24.949 ********* skipping: [managed_node1] => { "changed": false, "false_condition": "__firewall_previous_replaced | bool", "skip_reason": "Conditional result was False" } TASK [fedora.linux_system_roles.firewall : Show diffs] ************************* task path: /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:169 Saturday 27 July 2024 02:27:17 -0400 (0:00:00.018) 0:00:24.967 ********* skipping: [managed_node1] => { "false_condition": "__firewall_previous_replaced | bool" } PLAY RECAP ********************************************************************* managed_node1 : ok=49 changed=0 unreachable=0 failed=0 skipped=96 rescued=0 ignored=0 Saturday 27 July 2024 02:27:17 -0400 (0:00:00.028) 0:00:24.995 ********* =============================================================================== Gathering Facts --------------------------------------------------------- 2.63s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:2 fedora.linux_system_roles.firewall : Gather firewall config information --- 2.41s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:120 fedora.linux_system_roles.firewall : Install firewalld ------------------ 1.42s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:31 fedora.linux_system_roles.firewall : Install firewalld ------------------ 1.32s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:31 fedora.linux_system_roles.firewall : Install firewalld ------------------ 1.32s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:31 fedora.linux_system_roles.firewall : Install firewalld ------------------ 1.31s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:31 fedora.linux_system_roles.firewall : Install firewalld ------------------ 1.31s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/firewalld.yml:31 Modify firewalld configuration ------------------------------------------ 0.75s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:56 fedora.linux_system_roles.firewall : Unmask firewalld service ----------- 0.74s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 fedora.linux_system_roles.firewall : Get config files, checksums before and remove --- 0.68s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:43 Get default zone -------------------------------------------------------- 0.64s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/tests/firewall/tests_firewall_fact.yml:15 fedora.linux_system_roles.firewall : Enable and start firewalld service --- 0.56s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 fedora.linux_system_roles.firewall : Enable and start firewalld service --- 0.55s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 fedora.linux_system_roles.firewall : Unmask firewalld service ----------- 0.55s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 fedora.linux_system_roles.firewall : Enable and start firewalld service --- 0.55s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 fedora.linux_system_roles.firewall : Enable and start firewalld service --- 0.55s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 fedora.linux_system_roles.firewall : Unmask firewalld service ----------- 0.55s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 fedora.linux_system_roles.firewall : Unmask firewalld service ----------- 0.54s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22 fedora.linux_system_roles.firewall : Enable and start firewalld service --- 0.54s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:28 fedora.linux_system_roles.firewall : Unmask firewalld service ----------- 0.54s /tmp/tmp.Y9FdIZtjXP/ansible_collections/fedora/linux_system_roles/roles/firewall/tasks/main.yml:22