28 lines
703 B
YAML
28 lines
703 B
YAML
---
|
|
|
|
- name: Install ufw
|
|
apt: package=ufw state=present
|
|
|
|
- name: Configure ufw defaults
|
|
ufw: direction={{ item.direction }} policy={{ item.policy }}
|
|
with_items:
|
|
- { direction: 'incoming', policy: 'deny' }
|
|
- { direction: 'outgoing', policy: 'allow' }
|
|
|
|
- name: Configure ufw rules
|
|
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
|
|
with_items:
|
|
- { rule: 'limit', port: '{{ ssh_port | default("22") }}', proto: 'tcp' }
|
|
- { rule: 'allow', port: '80', proto: 'tcp' }
|
|
- { rule: 'allow', port: '443', proto: 'tcp' }
|
|
|
|
notify:
|
|
- Restart ufw
|
|
|
|
- name: Enable ufw logging
|
|
ufw: logging=on
|
|
notify:
|
|
- Restart ufw
|
|
|
|
- name: Enable ufw
|
|
ufw: state=enabled |
