homeserver/roles/oefenweb.ufw
Michael Grote c86eb523bb Role updated: ufw (#459)
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: #459
2023-02-17 12:07:48 +01:00
.github/workflows Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00
defaults Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00
files roles "written out" 2021-02-13 14:20:18 +01:00
handlers Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00
meta Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00
molecule/default Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00
tasks Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00
templates/etc roles "written out" 2021-02-13 14:20:18 +01:00
tests Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00
vars Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00
.ansible-lint Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00
.gitignore roles "written out" 2021-02-13 14:20:18 +01:00
.yamllint Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00
Dockerfile Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00
LICENSE.txt roles "written out" 2021-02-13 14:20:18 +01:00
README.md Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00
Vagrantfile Role updated: ufw (#459) 2023-02-17 12:07:48 +01:00

README.md

ufw


Set up ufw in Debian-like systems.

Requirements

None

Variables

  • ufw_default_incoming_policy [default: deny]: Default (incoming) policy

  • ufw_default_outgoing_policy [default: allow]: Default (outgoing) policy

  • ufw_logging [default: off]: Log level

  • ufw_rules [default: see defaults/main.yml]: Rules to apply

  • ufw_etc_default_ipv6 [default: true]: Set to yes to apply rules to support IPv6

  • ufw_etc_default_default_input_policy [default: DROP]: Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if you change this you will most likely want to adjust your rules

  • ufw_etc_default_default_output_policy [default: ACCEPT]: Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if you change this you will most likely want to adjust your rules

  • ufw_etc_default_default_forward_policy [default: DROP]: Set the default forward policy to ACCEPT, DROP or REJECT. Please note that if you change this you will most likely want to adjust your rules

  • ufw_etc_default_default_application_policy [default: SKIP]: Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please note that setting this to ACCEPT may be a security risk

  • ufw_etc_default_manage_builtins [default: false]: By default, ufw only touches its own chains. Set this to 'yes' to have ufw manage the built-in chains too. Warning: setting this to 'yes' will break non-ufw managed firewall rules

  • ufw_etc_default_ipt_sysctl [default: /etc/ufw/sysctl.conf]: IPT backend, only enable if using iptables backend

  • ufw_etc_default_ipt_modules [default: [nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_netbios_ns]]: Extra connection tracking modules to load. Complete list can be found in net/netfilter/Kconfig of your kernel source

Dependencies

None

Example

---
- hosts: all
  roles:
    - ufw

Allow ssh

- hosts: all
  roles:
    - ufw
  vars:
    ufw_rules:
      - rule: allow
        to_port: 22
        protocol: tcp
        comment: 'allow incoming connection on standard ssh port'

Allow all traffic on eth1

- hosts: all
  roles:
    - ufw
  vars:
    ufw_rules:
      - rule: allow
        interface: eth1
        to_port: ''
        comment: 'allow all traffic on interface eth1'

Allow snmp traffic from 1.2.3.4 on eth0

- hosts: all
  roles:
    - ufw
  vars:
    ufw_rules:
      - rule: allow
        interface: eth0
        from_ip: 1.2.3.4
        to_port: 161
        protocol: udp
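
Restrict ssh and snmp to known sources

The following playbook is an added example, not part of the role's own README. It combines the variables listed above so that the default-deny incoming policy stays in place, logging is switched on, and ssh and snmp are only reachable from named sources on eth0. The 192.0.2.x addresses are documentation placeholders, and the `low` log level and the CIDR form of `from_ip` are assumed to be passed through to ufw unchanged.

```yaml
---
# Added example (not from the role's README); addresses are placeholders.
- hosts: all
  roles:
    - ufw
  vars:
    # Stated explicitly so the intent survives a change of the role defaults.
    ufw_default_incoming_policy: deny
    ufw_default_outgoing_policy: allow
    # Quoted: unquoted on/off are read as booleans by YAML 1.1 parsers.
    # 'low' is assumed to be accepted as a ufw log level.
    ufw_logging: 'low'
    # Setting ufw_rules replaces the list from defaults/main.yml,
    # so every rule that should exist has to be listed here.
    ufw_rules:
      - rule: allow
        interface: eth0
        from_ip: 192.0.2.0/24   # management network (placeholder)
        to_port: 22
        protocol: tcp
        comment: 'ssh from management network only'
      - rule: allow
        interface: eth0
        from_ip: 192.0.2.10     # monitoring host (placeholder)
        to_port: 161
        protocol: udp
        comment: 'snmp from monitoring host only'
```

Because the incoming policy is deny, a mistake in the ssh rule's `from_ip` removes remote access to the host, so keep console access available the first time this is applied.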

License

MIT

Author Information

Mischa ter Smitten (based on work of weareinteractive)

Feedback, bug-reports, requests, ...

Are welcome!