r-pufky / ansible_ufw

ufw ansible role.

UFW

Uncomplicated Firewall configuration.

Requirements

supported platforms

collections/roles

Role Variables

defaults

Dependencies

N/A

Example Playbook

Read through the defaults before using. The role provides simple configuration of UFW with multiple rules across multiple hosts.

This will enable SSH with logging on all hosts. The example host will have SSH enabled, allow incoming connections to tcp/2222, allow outgoing connections to tcp/443 and tcp/22, and deny any additional outgoing connections.

group_vars/all/vars/main.yml

ufw_group:
  - proto: 'tcp'
    from_ip: 'any'
    to_port: 22
    direction: 'in'
    log: true
    comment: 'ssh'

host_vars/ufw.example.com/vars/ufw.yml

ufw_default_outgoing: 'deny'
ufw_host:
  - proto: 'tcp'
    from_ip: 'any'
    to_port: 2222
    direction: 'in'
    comment: 'allow incoming to port tcp/2222'
  - proto: 'tcp'
    to_ip: 'any'
    to_port: 443
    direction: 'out'
    comment: 'allow outgoing to port tcp/443'
  - proto: 'tcp'
    to_ip: 'any'
    to_port: 22
    direction: 'out'
    comment: 'allow outgoing ssh to port tcp/22'

Apply the role

- name: 'Manage UFW'
  hosts: '*'
  become: true
  roles:
    - 'r_pufky.srv.ufw'
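
A verification play that can run after the role to confirm the firewall ended up in the state the variables describe. This is an added example, not part of the role or its original README. It assumes every rule lives in ufw_group and ufw_host as shown above, and that `ufw status verbose` prints rule lines in the form `2222/tcp  ALLOW IN  Anywhere`.

```yaml
- name: 'Verify UFW state after the role has run'
  hosts: 'ufw.example.com'
  become: true
  gather_facts: false
  tasks:
    - name: 'Read the active ruleset (read-only, never reports changed)'
      ansible.builtin.command: 'ufw status verbose'
      register: ufw_status
      changed_when: false

    - name: 'Firewall is active and egress defaults to deny'
      ansible.builtin.assert:
        that:
          - "'Status: active' in ufw_status.stdout"
          - "'deny (outgoing)' in ufw_status.stdout"
        fail_msg: 'UFW is inactive or ufw_default_outgoing was not applied'

    # Assumption: a loaded rule appears as "<port>/<proto>   ALLOW IN|OUT   ...".
    - name: 'Every rule from ufw_group and ufw_host is loaded'
      ansible.builtin.assert:
        that:
          - >-
            ufw_status.stdout_lines
            | select('match', '^' ~ item.to_port ~ '/' ~ item.proto
                              ~ ' +ALLOW ' ~ (item.direction | upper) ~ ' ')
            | list | length > 0
        fail_msg: "rule not found in active ruleset: {{ item.comment }}"
      loop: "{{ (ufw_group | default([])) + (ufw_host | default([])) }}"
      loop_control:
        label: "{{ item.comment }}"
```

With ufw_default_outgoing set to 'deny', anything the host needs that is not listed in an outgoing rule (DNS lookups, for example) is blocked, so check the outgoing rule list before enabling it.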

Unit Testing

Test framework requires molecule and rootless podman setup.

Run all unit tests:

molecule test --all

Issues

Create a bug and provide as much information as possible.

Associate pull requests with a submitted bug.

License

AGPL-3.0 License (direct link)

Author Information

PGP Fingerprint: 466EEC2B67516C7117C85CE3A0BC35D16698BAB9 | github gist
