Fix Ansible firewalld Module Error on RHEL

If you are seeing firewalld module error when running Ansible, here is how to fix it.

What This Error Means

The firewalld module requires the python3-firewall package and a running firewalld service on the target host. When either is missing, you get errors like:

TASK [Open port 80/tcp in firewalld] ******************
fatal: [server1]: FAILED! => {
    "msg": "Python module firewall is not installed"
}

Or:

fatal: [server1]: FAILED! => {
    "msg": "firewalld is not running"
}

Fix 1: Install the Python Firewall Package

# RHEL/CentOS/Rocky/Alma
sudo dnf install python3-firewall firewalld

# Ubuntu/Debian
sudo apt install python3-firewall firewalld

Or fix it with Ansible itself (run before your firewalld tasks):

- name: Ensure firewalld dependencies are installed
  ansible.builtin.package:
    name:
      - firewalld
      - python3-firewall
    state: present

- name: Ensure firewalld is running
  ansible.builtin.service:
    name: firewalld
    state: started
    enabled: true

Fix 2: Start the Firewalld Service

sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo systemctl status firewalld

Fix 3: Check Python Interpreter

If you have multiple Python versions, Ansible might use the wrong one:

# In your inventory or playbook
vars:
  ansible_python_interpreter: /usr/bin/python3

Or in ansible.cfg:

[defaults]
interpreter_python = auto_silent

Fix 4: Virtual Environment Issues

If you are running Ansible in a virtualenv, the system python3-firewall package may not be available:

# Use the system Python for firewalld tasks
- name: Open HTTP port
  ansible.posix.firewalld:
    port: 80/tcp
    permanent: true
    immediate: true
    state: enabled
  vars:
    ansible_python_interpreter: /usr/bin/python3

Complete Working Example

---
- name: Configure firewall
  hosts: webservers
  become: true
  
  tasks:
    - name: Install firewalld
      ansible.builtin.dnf:
        name:
          - firewalld
          - python3-firewall
        state: present

    - name: Start and enable firewalld
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: true

    - name: Open HTTP and HTTPS ports
      ansible.posix.firewalld:
        service: "{{ item }}"
        permanent: true
        immediate: true
        state: enabled
      loop:
        - http
        - https

    - name: Open custom port
      ansible.posix.firewalld:
        port: 8080/tcp
        permanent: true
        immediate: true
        state: enabled

Common Variations

Related Reading

• Red Hat Ansible Automation Platform
• RHEL 9 Administration Guide
• Install Ansible on RHEL 9