Start firewalld when -exam user logs in

roles/lmn_vm/tasks/main.yml

@@ -17,6 +17,7 @@
       - mktorrent
       - libvirt-daemon-system
       - virt-manager
+      - firewalld
       - dialog # for vm-netboot menu
     state: latest
     autoremove: true
@@ -28,6 +29,19 @@
     #    insertafter: '#auth_unix_rw = "polkit"'
     #  notify: reload libvirtd
 
+- name: disable firewalld-service
+  systemd:
+    name: firewalld
+    enabled: false
+    state: stopped
+
+- name: Add virbr0 to libvirt zone
+  ansible.posix.firewalld:
+    zone: libvirt
+    interface: virbr0
+    permanent: true
+    state: enabled
+
 - name: Configure pam_mount for VM bind mounts
   blockinfile:
     dest: /etc/security/pam_mount.conf.xml
@@ -172,6 +186,13 @@
     scope: global
     enabled: true
 
+- name: Permit access to usersquid from libvirt
+  ansible.posix.firewalld:
+    zone: libvirt
+    port: 3128/tcp
+    permanent: true
+    state: enabled
+
 - name: Deploy sudo configurations
   copy:
     src: "{{ item }}"