Ansible role to set up ufw in Debian-like systems
Mischa ter Smitten 4a30e93cab
Consistency changes
2023-11-02 13:09:47 +01:00
.github/workflows Add Debian 11 and 12 support 2023-10-30 15:12:31 +01:00
defaults (Python) consistency changes 2021-03-15 16:18:06 +01:00
files Initial version 2014-09-03 11:20:49 +02:00
handlers Fixes #45 2023-04-19 17:18:48 +02:00
meta Add Debian 11 and 12 support 2023-10-30 15:12:31 +01:00
molecule/default Fixes #45 2023-04-19 17:18:48 +02:00
tasks Cs fixes 2023-04-19 17:21:42 +02:00
templates/etc WIP 2023-04-19 17:03:49 +02:00
tests Fixes #45 2023-04-19 17:18:48 +02:00
vars Fix failing tests for Debian 10? 2021-03-23 16:42:11 +01:00
.ansible-lint Improved ignore 2023-04-19 17:29:23 +02:00
.gitignore Consistency change [ci skip] 2015-07-13 23:13:20 +02:00
.yamllint Make use of github actions 2021-03-22 13:48:58 +01:00
Dockerfile WIP 2023-04-19 17:03:49 +02:00
LICENSE.txt Initial commit 2014-09-03 11:15:51 +02:00
README.md Consistency changes 2023-11-02 13:09:47 +01:00
Vagrantfile Add Debian 11 and 12 support 2023-10-30 15:12:31 +01:00
requirements.yml Fixes #45 2023-04-19 17:18:48 +02:00

README.md

ufw


Set up ufw in Debian-like systems.

Requirements

None

Variables

  • ufw_default_incoming_policy [default: deny]: Default (incoming) policy

  • ufw_default_outgoing_policy [default: allow]: Default (outgoing) policy

  • ufw_logging [default: off]: Log level

  • ufw_rules [default: see defaults/main.yml]: Rules to apply

  • ufw_etc_default_ipv6 [default: true]: Set to yes to apply rules to support IPv6

  • ufw_etc_default_default_input_policy [default: DROP]: Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if you change this you will most likely want to adjust your rules

  • ufw_etc_default_default_output_policy [default: ACCEPT]: Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if you change this you will most likely want to adjust your rules

  • ufw_etc_default_default_forward_policy [default: DROP]: Set the default forward policy to ACCEPT, DROP or REJECT. Please note that if you change this you will most likely want to adjust your rules

  • ufw_etc_default_default_application_policy [default: SKIP]: Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please note that setting this to ACCEPT may be a security risk

  • ufw_etc_default_manage_builtins [default: false]: By default, ufw only touches its own chains. Set this to 'yes' to have ufw manage the built-in chains too. Warning: setting this to 'yes' will break non-ufw managed firewall rules

  • ufw_etc_default_ipt_sysctl [default: /etc/ufw/sysctl.conf]: Path to the sysctl file used with the IPT backend; only enable if using the iptables backend

  • ufw_etc_default_ipt_modules [default: [nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_netbios_ns]]: Extra connection tracking modules to load. Complete list can be found in net/netfilter/Kconfig of your kernel source

Dependencies

None

Example

---
- hosts: all
  roles:
    - oefenweb.ufw

Allow ssh

- hosts: all
  roles:
    - oefenweb.ufw
  vars:
    ufw_rules:
      - rule: allow
        to_port: 22
        protocol: tcp
        comment: 'allow incoming connection on standard ssh port'

Allow all traffic on eth1

- hosts: all
  roles:
    - oefenweb.ufw
  vars:
    ufw_rules:
      - rule: allow
        interface: eth1
        to_port: ''
        comment: 'allow all traffic on interface eth1'

Allow snmp traffic from 1.2.3.4 on eth0

- hosts: all
  roles:
    - oefenweb.ufw
  vars:
    ufw_rules:
      - rule: allow
        interface: eth0
        from_ip: 1.2.3.4
        to_port: 161
        protocol: udp
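
A pre-deployment check for the variables and rule examples above, added here as an illustration and not part of the oefenweb.ufw role: it flags the settings the Variables list warns about and any allow rule that opens every port to any source. The function names, the finding strings, and the treatment of a missing from_ip as "any" are assumptions of this example.

```python
# Defaults copied from the "Variables" list in the README above.
ROLE_DEFAULTS = {
    "ufw_default_incoming_policy": "deny",
    "ufw_etc_default_default_forward_policy": "DROP",
    "ufw_etc_default_default_application_policy": "SKIP",
    "ufw_etc_default_manage_builtins": False,
}


def is_enabled(value):
    # YAML booleans may arrive as true or as strings such as 'yes'.
    return str(value).strip().lower() in ("true", "yes", "1", "on")


def audit(role_vars):
    """Return findings for permissive settings in a dict of role variables."""
    v = {**ROLE_DEFAULTS, **role_vars}
    findings = []
    if str(v["ufw_default_incoming_policy"]).lower() == "allow":
        findings.append("ufw_default_incoming_policy: allow")
    if str(v["ufw_etc_default_default_forward_policy"]).upper() == "ACCEPT":
        findings.append("ufw_etc_default_default_forward_policy: ACCEPT")
    if str(v["ufw_etc_default_default_application_policy"]).upper() == "ACCEPT":
        findings.append("ufw_etc_default_default_application_policy: ACCEPT")
    if is_enabled(v["ufw_etc_default_manage_builtins"]):
        findings.append("ufw_etc_default_manage_builtins: enabled")
    for index, rule in enumerate(v.get("ufw_rules") or []):
        # Assumption: an empty or missing to_port means every port (as in the
        # eth1 example above) and a missing from_ip means any source.
        all_ports = str(rule.get("to_port", "")).strip() == ""
        any_source = str(rule.get("from_ip", "any")).strip() in ("", "any")
        if rule.get("rule") == "allow" and all_ports and any_source:
            scope = rule.get("interface") or "every interface"
            findings.append(f"ufw_rules[{index}]: all ports, any source, on {scope}")
    return findings


# Constructed sample: the three README example rules plus one policy override.
SAMPLE_VARS = {
    "ufw_etc_default_default_application_policy": "ACCEPT",
    "ufw_rules": [
        {"rule": "allow", "to_port": 22, "protocol": "tcp"},
        {"rule": "allow", "interface": "eth1", "to_port": ""},
        {"rule": "allow", "interface": "eth0", "from_ip": "1.2.3.4",
         "to_port": 161, "protocol": "udp"},
    ],
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_VARS)))
```
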

License

MIT

Author Information

Mischa ter Smitten (based on work of weareinteractive)

Feedback, bug-reports, requests, ...

Are welcome!