# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 01-06-2023
# @description :
# ===================================================================================================

---
# Make sure the ufw package is present, using the generic package module, so
# the firewall tasks that follow have a binary to configure.
- name: Install UFW
  ansible.builtin.package:
    state: present
    name: ufw

# Default policy for inbound traffic: deny anything that no explicit rule
# permits.
# NOTE(review): no task visible in this file passes `state: enabled` to the
# ufw module - confirm the firewall is switched on elsewhere, otherwise this
# policy is recorded but not enforced.
- name: UFW deny all incoming traffic
  community.general.ufw:
    direction: incoming
    default: deny

# Default policy for outbound traffic: the host may open connections to any
# destination.
# NOTE(review): egress is left unfiltered; tighten this where the host's role
# only needs a known set of destinations.
- name: UFW allow all outbound traffic
  community.general.ufw:
    direction: outgoing
    default: allow

# Accept inbound traffic from the three RFC 1918 private ranges looped over
# below. No port or protocol is given, so the rule is not limited to a
# particular service.
# NOTE(review): this treats every private address as trusted. On shared or
# cloud networks those ranges can contain hosts outside your control, so
# consider narrowing `src` to the actual management subnets.
# NOTE(review): these rules are added before the SSH rules, so private sources
# presumably match here first and are not rate-limited - verify the resulting
# order with `ufw status numbered`.
- name: Allow all access from RFC1918 networks to this host
  community.general.ufw:
    rule: allow
    direction: incoming
    src: "{{ item }}"
  loop:
    - '10.0.0.0/8'
    - '172.16.0.0/12'
    - '192.168.0.0/16'

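# Rate-limited SSH access on the service's default port. With `rule: limit`
# ufw denies a source address that has attempted 6 or more connections within
# 30 seconds, which slows down password guessing.
# `proto: tcp` scopes the rule to TCP, the only transport SSH uses; without it
# the rule is not restricted to one protocol.
# NOTE(review): the task name says "allow" although the rule is `limit`.
# NOTE(review): on hosts where the earlier protocol-less rule already exists
# it is presumably kept alongside this one - check and delete it if so.
- name: UFW allow default ssh port
  community.general.ufw:
    direction: incoming
    rule: limit
    port: ssh
    proto: tcp
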
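# Open the operator-chosen SSH port; the task is skipped when
# `setup_openssh_port` is not defined.
# `proto: tcp` keeps the rule from also exposing the same port number over
# UDP, which SSH does not use.
# NOTE(review): this rule is `allow`, whereas the default-port task uses
# `limit`, so the custom port gets no connection rate limiting - confirm that
# is intended.
# NOTE(review): the default-port rule is added regardless of this variable, so
# port 22 stays open in the firewall even when sshd listens elsewhere.
# NOTE(review): on hosts where the earlier protocol-less rule already exists
# it is presumably kept alongside this one - check and delete it if so.
- name: UFW allow custom ssh port
  community.general.ufw:
    direction: incoming
    rule: allow
    port: "{{ setup_openssh_port }}"
    proto: tcp
  when: setup_openssh_port is defined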