Last active
April 6, 2020 09:26
Revisions
ldvc revised this gist
Jan 2, 2018 . 1 changed file with 10 additions and 1 deletion.
@@ -62,4 +62,13 @@ Contenu du script `ufw.yml` : - name: Set firewall default policy ufw: state=enabled policy=deny ``` #### Exécution Contenu du fichier `inventory` : ```ini [servers] myserver.example.com ``` Lancement via `ansible-playbook -i inventory ufw.yml` -
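Review bot: The run line at the end of this hunk, `ansible-playbook -i inventory ufw.yml`, applies the rule lists and enables the deny policy in a single pass against the remote host, with no dry run documented. Add a first step such as `ansible-playbook -i inventory ufw.yml --check --diff` to the Exécution section so an error in `allow_in` (port 22 in particular) is caught before the firewall is enabled.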
ldvc revised this gist
Jan 2, 2018 . 1 changed file with 3 additions and 3 deletions.
@@ -1,7 +1,7 @@ ### Ansible + UFW #### Config Contenu du fichier `vars_ufw.yml` : ```yaml --- allow_in: @@ -34,8 +34,8 @@ allow_out: ``` #### Script Contenu du script `ufw.yml` : ```yaml --- - hosts: servers remote_user: root -
ldvc revised this gist
Jan 2, 2018 . 1 changed file with 2 additions and 2 deletions.
@@ -1,8 +1,8 @@ ### Ansible + UFW #### Config Content of `vars_ufw.yml` config file: ```yaml --- allow_in: - {port: 22, proto: 'tcp'} -
ldvc created this gist
Jan 2, 2018
@@ -0,0 +1,65 @@ ### Ansible + UFW #### Config ``` ➜ lab_ansible git:(master) ✗ cat vars_ufw.yml --- allow_in: - {port: 22, proto: 'tcp'} - {port: 25, proto: 'tcp'} - {port: 53, proto: 'udp'} - {port: 53, proto: 'tcp'} - {port: 80, proto: 'tcp'} - {port: 443, proto: 'tcp'} - {port: 546, proto: 'udp'} - {port: 587, proto: 'tcp'} - {port: 993, proto: 'tcp'} - {port: 5222, proto: 'tcp'} - {port: 5223, proto: 'tcp'} - {port: 5269, proto: 'tcp'} - {port: 5280, proto: 'tcp'} - {port: 5281, proto: 'tcp'} allow_out: - {port: 22, proto: 'tcp'} - {port: 25, proto: 'tcp'} - {port: 53, proto: 'udp'} - {port: 53, proto: 'tcp'} - {port: 123, proto: 'udp'} - {port: 547, proto: 'udp'} - {port: 587, proto: 'udp'} - {port: 4222, proto: 'tcp'} - {port: 5222, proto: 'tcp'} - {port: 5269, proto: 'tcp'} ``` #### Script ``` ➜ lab_ansible git:(master) ✗ cat ufw.yml --- - hosts: servers remote_user: root strategy: debug vars_files: - ./vars_ufw.yml tasks: - name: Allow incoming traffic ufw: rule: allow port: "{{ item.port }}" proto: "{{ item.proto }}" direction: in with_items: "{{ allow_in }}" - name: Allow outgoing traffic ufw: rule: allow port: "{{ item.port }}" proto: "{{ item.proto }}" direction: out with_items: "{{ allow_out }}" - name: Set firewall default policy ufw: state=enabled policy=deny ```
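Review bot: The final task, `ufw: state=enabled policy=deny`, sets no `direction`, so the default deny covers only ufw's default direction (incoming) and the `allow_out` rules sit on top of an outgoing policy that this playbook never changes. If egress filtering is the intent, set the default policy in two explicit tasks, one with `direction: incoming` and one with `direction: outgoing`, keeping them after the allow tasks so port 22 is open before the policy applies. In `allow_out`, `{port: 587, proto: 'udp'}` looks like a typo for `tcp` (the `allow_in` entry for 587 uses `tcp`). `strategy: debug` opens an interactive debugger when a task fails and should be dropped for unattended runs.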