@ldvc
Last active April 6, 2020 09:26
UFW management with Ansible

Ansible + UFW

Config

Content of vars_ufw.yml config file:

---
# Services exposed to the network (incoming rules).
allow_in:
  - {port: 22, proto: 'tcp'}     # SSH
  - {port: 25, proto: 'tcp'}     # SMTP
  - {port: 53, proto: 'udp'}     # DNS
  - {port: 53, proto: 'tcp'}     # DNS (zone transfers, large answers)
  - {port: 80, proto: 'tcp'}     # HTTP
  - {port: 443, proto: 'tcp'}    # HTTPS
  - {port: 546, proto: 'udp'}    # DHCPv6 client
  - {port: 587, proto: 'tcp'}    # SMTP submission
  - {port: 993, proto: 'tcp'}    # IMAPS
  - {port: 5222, proto: 'tcp'}   # XMPP client-to-server
  - {port: 5223, proto: 'tcp'}   # XMPP client-to-server, legacy direct TLS
  - {port: 5269, proto: 'tcp'}   # XMPP server-to-server
  - {port: 5280, proto: 'tcp'}   # XMPP BOSH / HTTP
  - {port: 5281, proto: 'tcp'}   # XMPP BOSH / HTTPS

# Destination ports the host may connect to (outgoing rules). These only
# restrict anything once the outgoing default policy is set to deny.
allow_out:
  - {port: 22, proto: 'tcp'}     # SSH
  - {port: 25, proto: 'tcp'}     # SMTP to other mail servers
  - {port: 53, proto: 'udp'}     # DNS
  - {port: 53, proto: 'tcp'}     # DNS
  - {port: 123, proto: 'udp'}    # NTP
  - {port: 547, proto: 'udp'}    # DHCPv6 (client to server/relay)
  - {port: 587, proto: 'tcp'}    # SMTP submission (TCP, not UDP)
  - {port: 4222, proto: 'tcp'}
  - {port: 5222, proto: 'tcp'}   # XMPP client-to-server
  - {port: 5269, proto: 'tcp'}   # XMPP server-to-server

Script

Content of ufw.yml playbook:
---
- hosts: servers
  remote_user: root
  # `strategy: debug` drops into the interactive Ansible debugger whenever a
  # task fails. Handy while developing the playbook; remove it for unattended runs.
  strategy: debug
  vars_files:
    - ./vars_ufw.yml

  tasks:
  # Allow rules are added before the firewall is enabled in the last task, so
  # the SSH session running the playbook is never cut off by the deny default.
  - name: Allow incoming traffic
    ufw:
      rule: allow
      port: "{{ item.port }}"
      proto: "{{ item.proto }}"
      direction: in
    loop: "{{ allow_in }}"

  - name: Allow outgoing traffic
    ufw:
      rule: allow
      port: "{{ item.port }}"
      proto: "{{ item.proto }}"
      direction: out
    loop: "{{ allow_out }}"

  # Without a direction, `policy: deny` only changes the *incoming* default.
  # The outgoing default stays at ufw's stock "allow", so the allow_out rules
  # above do not restrict egress on their own.
  - name: Set firewall default policy
    ufw:
      state: enabled
      policy: deny
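The playbook above enables the firewall with a deny default for incoming traffic only, so the allow_out list is effectively dead configuration: ufw's outgoing default remains allow. The following is an added rewrite of the playbook (editor's example, not part of the original gist) that sets both default policies, keeps the "rules first, enable last" ordering that protects the SSH session, and uses `loop` and the `community.general.ufw` FQCN that current Ansible expects. The `servers` group and the vars file path are the gist's own; `become: true` in place of `remote_user: root` is an assumption about the inventory, and the `comment` tags are only there to make the rules recognisable in `ufw status`.

```yaml
---
- hosts: servers
  become: true            # assumption: a sudo-capable user rather than direct root login
  vars_files:
    - ./vars_ufw.yml

  tasks:
  # Rules first, enable last: enabling ufw with a deny default before port 22
  # is allowed would cut the Ansible SSH connection on the first run.
  - name: Allow incoming traffic
    community.general.ufw:
      rule: allow
      direction: in
      port: "{{ item.port }}"
      proto: "{{ item.proto }}"
      comment: "ansible allow_in"
    loop: "{{ allow_in }}"

  - name: Allow outgoing traffic
    community.general.ufw:
      rule: allow
      direction: out
      port: "{{ item.port }}"
      proto: "{{ item.proto }}"
      comment: "ansible allow_out"
    loop: "{{ allow_out }}"

  # Default policies for both directions. Without the outgoing one, ufw keeps
  # its stock "allow" egress default and the allow_out list changes nothing.
  - name: Deny incoming by default
    community.general.ufw:
      direction: incoming
      policy: deny

  - name: Deny outgoing by default
    community.general.ufw:
      direction: outgoing
      policy: deny

  # Activate the ruleset only once all allow rules and defaults are in place.
  - name: Enable the firewall
    community.general.ufw:
      state: enabled

  # Read back the effective ruleset; the command changes nothing, so it must
  # not be reported as a change.
  - name: Collect resulting ruleset
    ansible.builtin.command: ufw status verbose
    changed_when: false
    register: ufw_status

  - name: Show resulting ruleset
    ansible.builtin.debug:
      var: ufw_status.stdout_lines
```

Run it with `--check --diff` first; the ufw module supports check mode, so the rules it would add are visible before anything is applied. Before denying egress with the gist's allow_out list, note that it contains no 80/tcp or 443/tcp entries, so package updates and any HTTPS call-outs from the host will be blocked until those destination ports are added.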