From 8f80c2855f3469b96a99e4348d351afa3c32ae80 Mon Sep 17 00:00:00 2001 From: mg Date: Wed, 6 Oct 2021 10:18:23 +0200 Subject: [PATCH] ufw: Zugriff immer nur per IPv4 (#210) Co-authored-by: Michael Grote Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/210 Co-authored-by: mg Co-committed-by: mg --- group_vars/acng.yml | 2 ++ group_vars/all.yml | 4 +--- group_vars/docker.yml | 1 - group_vars/dokuwiki.yml | 2 ++ group_vars/fileserver.yml | 3 +++ group_vars/gitea.yml | 3 +++ group_vars/jenkins.yml | 2 ++ group_vars/laptop.yml | 1 + group_vars/ntpserver.yml | 1 + group_vars/pihole.yml | 3 +++ host_vars/docker-test.grote.lan.yml | 2 ++ host_vars/docker2.grote.lan.yml | 2 ++ 12 files changed, 22 insertions(+), 4 deletions(-) diff --git a/group_vars/acng.yml b/group_vars/acng.yml index bf30897c..f07f9f0b 100644 --- a/group_vars/acng.yml +++ b/group_vars/acng.yml @@ -5,6 +5,7 @@ to_port: 22 protocol: tcp comment: 'ssh' + from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp @@ -13,6 +14,7 @@ - rule: allow to_port: 9999 comment: 'acng' + from_ip: 0.0.0.0/0 ### mgrote.acng acng_server_port: 9999 acng_server_exthreshold: "60" #hebt Pakete 60 Tage auf diff --git a/group_vars/all.yml b/group_vars/all.yml index e83e4010..b53939e1 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -28,9 +28,6 @@ config: | [lvm_*] user root - - - ### mgrote.dotfiles dotfiles_repo_url: https://git.mgrote.net/mg/dotfiles dotfiles_repo_path: /home/mg/dotfiles @@ -97,6 +94,7 @@ to_port: 22 protocol: tcp comment: 'ssh' + from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp diff --git a/group_vars/docker.yml b/group_vars/docker.yml index 303f4f21..9dc78785 100644 --- a/group_vars/docker.yml +++ b/group_vars/docker.yml @@ -21,7 +21,6 @@ /var/lib/docker/volumes/docker-photoprism_pp_smb_bilder***/** # https://github.com/restic/restic/issues/1005 # https://forum.restic.net/t/exclude-syntax-confusion/1531/12 - ### geerlingguy.munin-node munin_node_plugins: - name: chrony 
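Review bot: The `from_ip: 0.0.0.0/0` added to the ssh rule in group_vars/acng.yml is not also added to the munin rule whose `- rule: allow` / `to_port: 4949` lines close the same hunk, and the second acng hunk then only covers port 9999. A rule without `from_ip` keeps the ufw module default of `any`, which ufw normally expands into both an IPv4 and an IPv6 rule, so port 4949 appears to stay reachable over IPv6 although the commit title says access should be IPv4-only. The same pattern shows in the hunks for group_vars/all.yml, dokuwiki.yml, fileserver.yml, gitea.yml, jenkins.yml and pihole.yml, whereas the host_vars hunks for docker-test and docker2 do add it to the munin rule; the `comment: 'munin'` line itself lies outside these group_vars hunks, so this is inferred from the hunk boundaries. If IPv4-only is the intent, adding `from_ip: 0.0.0.0/0` after `comment: 'munin'` in each of those files (or, where the hosts share one LAN, narrowing to that prefix with `from_ip: <LAN_CIDR>`, a placeholder) would make the rule sets consistent.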
diff --git a/group_vars/dokuwiki.yml b/group_vars/dokuwiki.yml index 4280ef39..f9456d7a 100644 --- a/group_vars/dokuwiki.yml +++ b/group_vars/dokuwiki.yml @@ -7,9 +7,11 @@ to_port: 22 protocol: tcp comment: 'ssh' + from_ip: 0.0.0.0/0 - rule: allow to_port: 80 comment: 'dokuwiki-webserver' + from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp diff --git a/group_vars/fileserver.yml b/group_vars/fileserver.yml index 62c54372..b7b686bf 100644 --- a/group_vars/fileserver.yml +++ b/group_vars/fileserver.yml @@ -99,12 +99,15 @@ to_port: 22 protocol: tcp comment: 'ssh' + from_ip: 0.0.0.0/0 - rule: allow to_port: 445 comment: 'smb' + from_ip: 0.0.0.0/0 - rule: allow to_port: 139 comment: 'smb' + from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp diff --git a/group_vars/gitea.yml b/group_vars/gitea.yml index 6c5f8cfa..233b7c8b 100644 --- a/group_vars/gitea.yml +++ b/group_vars/gitea.yml @@ -7,14 +7,17 @@ to_port: 22 protocol: tcp comment: 'ssh' + from_ip: 0.0.0.0/0 - rule: allow to_port: 3000 protocol: tcp comment: 'gitea' + from_ip: 0.0.0.0/0 - rule: allow to_port: 2222 protocol: tcp comment: 'gitea' + from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp diff --git a/group_vars/jenkins.yml b/group_vars/jenkins.yml index cb4a8ce0..8386be5c 100644 --- a/group_vars/jenkins.yml +++ b/group_vars/jenkins.yml @@ -13,9 +13,11 @@ to_port: 22 protocol: tcp comment: 'ssh' + from_ip: 0.0.0.0/0 - rule: allow to_port: 8080 comment: 'jenkins' + from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp diff --git a/group_vars/laptop.yml b/group_vars/laptop.yml index b6f908a1..ef1b1584 100644 --- a/group_vars/laptop.yml +++ b/group_vars/laptop.yml @@ -65,3 +65,4 @@ to_port: 22 protocol: tcp comment: 'ssh' + from_ip: 0.0.0.0/0 diff --git a/group_vars/ntpserver.yml b/group_vars/ntpserver.yml index dbc95295..13b68a4e 100644 --- a/group_vars/ntpserver.yml +++ b/group_vars/ntpserver.yml 
@@ -5,6 +5,7 @@ to_port: 22 protocol: tcp comment: 'ssh' + from_ip: 0.0.0.0/0 - rule: allow to_port: 123 comment: 'ntp' diff --git a/group_vars/pihole.yml b/group_vars/pihole.yml index c7a35249..a6644093 100644 --- a/group_vars/pihole.yml +++ b/group_vars/pihole.yml @@ -5,9 +5,11 @@ to_port: 22 protocol: tcp comment: 'ssh' + from_ip: 0.0.0.0/0 - rule: allow to_port: 80 comment: 'pihole-webgui' + from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp @@ -16,6 +18,7 @@ - rule: allow to_port: 53 comment: 'pihole-dns' + from_ip: 0.0.0.0/0 ## playbook pihole_homer_fqdn: docker.grote.lan # unter welchem host ist docker erreichbar? notwendig für die pihole stats in homer; fur die cors abfrage ### mgrote.restic diff --git a/host_vars/docker-test.grote.lan.yml b/host_vars/docker-test.grote.lan.yml index 2ba8c96d..0ab0ec86 100644 --- a/host_vars/docker-test.grote.lan.yml +++ b/host_vars/docker-test.grote.lan.yml @@ -39,7 +39,9 @@ to_port: 22 protocol: tcp comment: 'ssh' + from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp comment: 'munin' + from_ip: 0.0.0.0/0 diff --git a/host_vars/docker2.grote.lan.yml b/host_vars/docker2.grote.lan.yml index ecde4b1a..1078bfd9 100644 --- a/host_vars/docker2.grote.lan.yml +++ b/host_vars/docker2.grote.lan.yml @@ -31,10 +31,12 @@ to_port: 22 protocol: tcp comment: 'ssh' + from_ip: 0.0.0.0/0 - rule: allow to_port: 4949 protocol: tcp comment: 'munin' + from_ip: 0.0.0.0/0 ### mgrote.apt_install_packages programs_extra: - libwww-curl-perl # für munin-plugin: unifi
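Review bot: In the group_vars/ntpserver.yml hunk the new `from_ip: 0.0.0.0/0` is added only to the ssh rule, while the `to_port: 123` / `comment: 'ntp'` rule directly below it in the same hunk gets none, so the ntp rule keeps the `any` source and stays reachable over IPv6 even though the commit restricts access to IPv4. Adding `from_ip: 0.0.0.0/0` after `comment: 'ntp'` would match what the pihole hunks do for ports 80 and 53. The rule list continues past the end of this hunk, so any later rules in that file are not covered here.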