jlund / ansible-ufw

Ansible role that installs and configures ufw, AKA The Uncomplicated Firewall (https://launchpad.net/ufw)

how to allow from IP?

oppianmatt opened this issue

How does one enable a rule like:

ufw allow from 192.168.1.0/24

If I do a:

ufw_whitelisted_ipv4_addresses:
  - { port: any, protocol: any, address: "192.168.1.0/24" }

That breaks ufw.

If I manually do it and inspect the user.rules file I get a:

### tuple ### allow any any 0.0.0.0/0 any 192.168.1.0/24 in
-A ufw-user-input -s 192.168.1.0/24 -j ACCEPT

But the template has:

{% for tuple in ufw_whitelisted_ipv4_addresses %}
### tuple ### allow {{ tuple.protocol }} {{ tuple.port }} 0.0.0.0/0 any {{ tuple.address }} in
-A ufw-user-input -p {{ tuple.protocol }} --dport {{ tuple.port }} -s {{ tuple.address }} -j ACCEPT
{% endfor %}

For now I have edited user.rules template to have:

{% for tuple in ufw_whitelisted_ipv4_addresses %}
### tuple ### allow {{ tuple.protocol }} {{ tuple.port }} 0.0.0.0/0 any {{ tuple.address }} in
-A ufw-user-input {% if tuple.protocol != 'any' %}-p {{ tuple.protocol }} {% endif %}{% if tuple.port != 'any' %}--dport {{ tuple.port }} {% endif %}-s {{ tuple.address }} -j ACCEPT
{% endfor %}
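The rule-building logic discussed in this issue, modelled in Python as an added example (not the role's code and not the poster's). The function names are hypothetical, and two choices are assumptions: entries are limited to tcp/udp/any with a single numeric port, and a port given with protocol `any` is expanded to one tcp and one udp rule, because `--dport` is only valid together with a protocol match.

```python
import ipaddress

PROTOCOLS = ("any", "tcp", "udp")  # assumption: narrowed to the cases in this issue


def render_original(entry):
    """Rule line as the role's template quoted above builds it (no 'any' handling)."""
    return (f"-A ufw-user-input -p {entry['protocol']} --dport {entry['port']} "
            f"-s {entry['address']} -j ACCEPT")


def render_rules(entry):
    """Return the user.rules lines for one whitelist entry, omitting 'any' matches."""
    proto, port, addr = str(entry["protocol"]), str(entry["port"]), str(entry["address"])
    # Validate before anything is written into the rules file.
    if ipaddress.ip_network(addr, strict=False).version != 4:
        raise ValueError(f"not an IPv4 address or network: {addr}")
    if proto not in PROTOCOLS:
        raise ValueError(f"unsupported protocol: {proto}")
    if port != "any" and not (port.isdigit() and 1 <= int(port) <= 65535):
        raise ValueError(f"invalid port: {port}")

    lines = [f"### tuple ### allow {proto} {port} 0.0.0.0/0 any {addr} in"]
    if port == "any":
        # No port: emit -p only when a concrete protocol was requested.
        match = "" if proto == "any" else f"-p {proto} "
        lines.append(f"-A ufw-user-input {match}-s {addr} -j ACCEPT")
    else:
        # A port needs a protocol match, so 'any' becomes tcp and udp.
        for p in (("tcp", "udp") if proto == "any" else (proto,)):
            lines.append(f"-A ufw-user-input -p {p} --dport {port} -s {addr} -j ACCEPT")
    return lines


if __name__ == "__main__":
    # Constructed sample entries; the first is the one from the issue.
    samples = [
        {"port": "any", "protocol": "any", "address": "192.168.1.0/24"},
        {"port": 22, "protocol": "any", "address": "192.168.1.0/24"},
        {"port": 53, "protocol": "udp", "address": "192.168.1.10"},
    ]
    print("original template:", render_original(samples[0]))
    for sample in samples:
        print("\n".join(render_rules(sample)))
```

For the entry from the issue, `render_rules` reproduces the two lines found in the manually generated `user.rules`, while `render_original` shows the `-p any --dport any` line the unmodified template emits.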