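---
# YAML start
# Configure firewall daemon (firewalld) rules for chrony in daemon mode.
# Each rule below accepts UDP port 123 from a source range to a destination
# address, per zone and per address family. Every rule is written to both the
# runtime and the permanent configuration (immediate + permanent).
#
# Variables used here (guest_ip4_*, guest_ip6_*, guest_mask*, guest_zone_*) are
# defined outside this file; the masks are concatenated directly after the
# address, so they presumably carry the leading "/" - TODO confirm.

# --- Zone 1 (named IDMZ in the task titles) ---------------------------------

# IPv4: source is the zone-1 guest network, destination is pinned to one host
# address (/32).
- name: "Port 123/UDP für IPv4 in der Zone IDMZ freischalten."
  ansible.posix.firewalld:
    rich_rule: >
      rule family=ipv4
      source address={{ guest_ip4_net_1 }}{{ guest_mask4_1 }}
      port protocol="udp" port="123"
      destination address={{ guest_ip4_1 }}/32
      accept
    zone: '{{ guest_zone_1 }}'
    immediate: true
    permanent: true
    state: enabled

# IPv6 (ULA): the source range is hard-coded rather than taken from a
# per-zone variable.
# NOTE(review): fd00::/10 covers only fd00:: through fd3f:ffff:...; RFC 4193
# defines ULA as fc00::/7 with fd00::/8 as the locally assigned half, so ULA
# prefixes from fd40:: upwards do not match this rule. Confirm the intended
# range; scoping the source to the zone's own ULA prefix would be tighter than
# any blanket range.
# NOTE(review): unlike the IPv4 rule (/32), the destination here appends
# guest_mask6_1. If that is a network prefix length, the destination matches
# the whole prefix rather than the single host address - confirm whether /128
# was intended.
- name: "Port 123/UDP für IPv6 (ULA) in der Zone IDMZ freischalten."
  ansible.posix.firewalld:
    rich_rule: >
      rule family=ipv6
      source address=fd00::/10
      port protocol="udp" port="123"
      destination address={{ guest_ip6_ls_1 }}{{ guest_mask6_1 }}
      accept
    zone: '{{ guest_zone_1 }}'
    immediate: true
    permanent: true
    state: enabled

# IPv6 (global scope): source is the zone-1 guest network; source and
# destination share the same mask variable (see the destination note above).
- name: "Port 123/UDP für IPv6 (Global-Scope) in der Zone IDMZ freischalten."
  ansible.posix.firewalld:
    rich_rule: >
      rule family=ipv6
      source address={{ guest_ip6_net_1 }}{{ guest_mask6_1 }}
      port protocol="udp" port="123"
      destination address={{ guest_ip6_gs_1 }}{{ guest_mask6_1 }}
      accept
    zone: '{{ guest_zone_1 }}'
    immediate: true
    permanent: true
    state: enabled

# --- Zone 2 (named INTRA in the task titles) --------------------------------

# IPv4: same shape as the zone-1 rule, using the *_2 variables.
- name: "Port 123/UDP für IPv4 in der Zone INTRA freischalten."
  ansible.posix.firewalld:
    rich_rule: >
      rule family=ipv4
      source address={{ guest_ip4_net_2 }}{{ guest_mask4_2 }}
      port protocol="udp" port="123"
      destination address={{ guest_ip4_2 }}/32
      accept
    zone: '{{ guest_zone_2 }}'
    immediate: true
    permanent: true
    state: enabled

# IPv6 (ULA): same hard-coded fd00::/10 source and masked destination as in
# zone 1; the review notes on the zone-1 ULA rule apply here as well.
- name: "Port 123/UDP für IPv6 (ULA) in der Zone INTRA freischalten."
  ansible.posix.firewalld:
    rich_rule: >
      rule family=ipv6
      source address=fd00::/10
      port protocol="udp" port="123"
      destination address={{ guest_ip6_ls_2 }}{{ guest_mask6_2 }}
      accept
    zone: '{{ guest_zone_2 }}'
    immediate: true
    permanent: true
    state: enabled

# IPv6 (global scope): source is the zone-2 guest network.
- name: "Port 123/UDP für IPv6 (Global-Scope) in der Zone INTRA freischalten."
  ansible.posix.firewalld:
    rich_rule: >
      rule family=ipv6
      source address={{ guest_ip6_net_2 }}{{ guest_mask6_2 }}
      port protocol="udp" port="123"
      destination address={{ guest_ip6_gs_2 }}{{ guest_mask6_2 }}
      accept
    zone: '{{ guest_zone_2 }}'
    immediate: true
    permanent: true
    state: enabled

# Reload firewalld so the permanent configuration is re-read.
# NOTE(review): this task is unconditional, so it runs on every play even when
# no rule changed. A firewalld reload also discards runtime-only configuration
# that was never made permanent. Since the rules above are already applied with
# immediate + permanent, consider moving this into a handler notified by the
# rule tasks, or dropping it.
- name: "Regeländerungen auf vml000110 neu laden."
  ansible.builtin.service:
    name: firewalld
    state: reloaded
...
# End of YAML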