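---
# Host firewall baseline: ufw with default-deny in both directions, a small
# explicit allow list, and ufw's IPv6 rule handling switched off.
# Task order matters: rules files are edited before ufw is (re)enabled.

- name: Install ufw
  apt:
    name: ufw
    state: present

- name: Configure ufw default policies (deny incoming and outgoing)
  ufw:
    direction: "{{ item.direction }}"
    policy: "{{ item.policy }}"
  loop:
    - { direction: 'incoming', policy: 'deny' }
    - { direction: 'outgoing', policy: 'deny' }

# NOTE(review): IPV6=no only stops ufw from managing ip6tables; it does not
# disable IPv6 on the host. If the host has IPv6 connectivity, IPv6 traffic is
# then not covered by any rule in this file. Keep IPV6=yes (ufw applies the
# same rules to both address families) unless IPv6 is disabled at kernel level.
- name: Disable IPv6 rule handling in ufw
  lineinfile:
    path: /etc/default/ufw
    state: present
    regexp: '^IPV6='
    line: 'IPV6=no'

# NOTE(review): with logging off, blocked connections leave no trace in
# syslog/journal, which removes a cheap detection and incident-response
# signal; 'low' logs only blocked packets, rate limited.
- name: Disable ufw logging
  ufw:
    logging: 'off'  # quoted: a bare off is parsed as the YAML boolean false

# Comment out every line in before.rules that is not already commented and
# contains "limit --limit". The regexp is evaluated per line (re.MULTILINE),
# the negative lookahead skips lines that already start with '#', and the
# captured line is written back with a '#' prefix.
- name: Comment out rate-limit (--limit) lines in /etc/ufw/before.rules
  replace:
    path: /etc/ufw/before.rules
    regexp: '^(?!#)(.*limit --limit.*)$'
    replace: '#\1'

# 3142 is presumably an apt-cacher-ng proxy (verify against the environment).
# proto is pinned to tcp to match the task's intent; without it ufw opens the
# port for both tcp and udp.
- name: Allow all access to tcp port 3142
  ufw:
    rule: allow
    proto: tcp
    port: '3142'
    direction: "{{ item }}"
  loop:
    - in
    - out

# NOTE(review): `dest` restricts the packet's *destination* address. For the
# `out` entries that is the remote network, as intended. For the `in` entries
# it is this host's own address, so the *source* of inbound 22/53/443 traffic
# is not restricted at all (and an entry matches nothing if the host has no
# address in that range). If the goal is to limit which peers may reach these
# ports, the `in` entries need `from_ip` instead of `dest`.
- name: Set allow rules for ssh (22), dns (53) and https (443)
  ufw:
    rule: allow
    port: "{{ item.port }}"
    direction: "{{ item.direction }}"
    dest: "{{ item.destination }}"
  loop:
    - { port: '22', direction: 'in', destination: '10.0.0.0/24' }
    - { port: '22', direction: 'out', destination: '10.0.0.0/24' }
    - { port: '22', direction: 'in', destination: '10.16.0.0/12' }
    - { port: '22', direction: 'out', destination: '10.16.0.0/12' }
    - { port: '22', direction: 'in', destination: '162.55.5.40/32' }
    - { port: '22', direction: 'out', destination: '162.55.5.40/32' }
    - { port: '53', direction: 'in', destination: '10.16.0.0/12' }
    - { port: '53', direction: 'out', destination: '10.16.0.0/12' }
    - { port: '443', direction: 'in', destination: '10.16.0.0/12' }
    - { port: '443', direction: 'out', destination: '10.16.0.0/12' }
    - { port: '443', direction: 'in', destination: '162.55.5.40/32' }
    - { port: '443', direction: 'out', destination: '162.55.5.40/32' }

- name: Enable ufw
  ufw:
    state: enabled

# The restart re-applies before.rules after the edit above; enabled: true
# ensures the unit is also started at boot.
- name: Ensure the ufw service is restarted and enabled at boot
  service:
    name: ufw
    state: restarted
    enabled: true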