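---
# ufw host-firewall tasks: install, default-deny in both directions, disable
# IPv6 handling, turn on logging, open the listed ports, then enable ufw.
# Everything that edits ufw's configuration files runs before the final
# enable/restart so the settings take effect together.

- name: Install ufw
  apt:
    name: ufw
    state: present

# Deny is the default policy for both incoming and outgoing traffic; the
# allow rules further down are the only traffic permitted.
- name: Configure ufw defaults
  ufw:
    direction: "{{ item.direction }}"
    policy: "{{ item.policy }}"
  loop:
    - { direction: 'incoming', policy: 'deny' }
    - { direction: 'outgoing', policy: 'deny' }

# Set IPV6=no in /etc/default/ufw. The change is picked up when ufw is
# restarted by the last task.
- name: Disable IPv6 in ufw
  lineinfile:
    path: /etc/default/ufw
    state: present
    regexp: '^IPV6'
    line: 'IPV6=no'

# The value here used to be `off`, which contradicts the task name and leaves
# a default-deny firewall with no record of what it dropped. `on` is ufw's
# low logging level (other accepted values: low, medium, high, full). It is
# quoted so a YAML 1.1 loader does not read it as a boolean.
- name: Enable ufw logging
  ufw:
    logging: 'on'

# Prefix `#` to each not-yet-commented line of before.rules that contains
# "limit --limit". The negative lookahead keeps the task idempotent (an
# already-commented line no longer matches); `replace` rewrites only the
# matched prefix, so the remainder of the line is untouched.
# NOTE(review): the file does not say which rules these are or why they are
# disabled — confirm against the distribution's before.rules.
- name: Commenting a line.
  replace:
    path: /etc/ufw/before.rules
    regexp: '^(?!#)(.*limit --limit*)'
    replace: '#\1'

# `proto: tcp` was missing; without it the rule matched every protocol on
# port 3142, which is wider than the task name states.
- name: Allow all access to tcp port 3142
  ufw:
    rule: allow
    proto: tcp
    port: '3142'
    direction: '{{ item }}'
  loop:
    - in
    - out

# Ports are quoted so YAML keeps them as strings. No `proto` is given, so each
# rule matches any protocol on that port.
# NOTE(review): `dest` is ufw's "to" address, i.e. the packet's destination.
# For `direction: in` that is the host's own address, not the remote peer —
# confirm `src` was not intended for the inbound rules.
- name: set some allow rules
  ufw:
    rule: allow
    port: "{{ item.port }}"
    direction: "{{ item.direction }}"
    dest: "{{ item.destination }}"
  loop:
    - { port: '22', direction: 'in', destination: '10.0.0.0/24' }
    - { port: '22', direction: 'out', destination: '10.0.0.0/24' }
    - { port: '22', direction: 'in', destination: '10.16.0.0/12' }
    - { port: '22', direction: 'out', destination: '10.16.0.0/12' }
    - { port: '22', direction: 'in', destination: '162.55.5.40/32' }
    - { port: '22', direction: 'out', destination: '162.55.5.40/32' }
    - { port: '53', direction: 'in', destination: '10.16.0.0/12' }
    - { port: '53', direction: 'out', destination: '10.16.0.0/12' }
    - { port: '443', direction: 'in', destination: '10.16.0.0/12' }
    - { port: '443', direction: 'out', destination: '10.16.0.0/12' }
    - { port: '443', direction: 'in', destination: '162.55.5.40/32' }
    - { port: '443', direction: 'out', destination: '162.55.5.40/32' }

- name: Enable ufw
  ufw:
    state: enabled

# Restart so the /etc/default/ufw and before.rules edits above are loaded.
- name: start ufw service
  service:
    name: ufw
    state: restarted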