---
# Make sure the ufw package is present; the later tasks in this file
# configure the firewall through the ufw module.
- name: firewall | install ufw
  apt:
    pkg: ufw
    state: present
  become: true
# Add one tcp rule per port in the loop and switch ufw on.
# The rule action is not fixed here: it is read from firewall__ssh_rule,
# which is defined outside this file.
# NOTE(review): both 22 and 8822 get a rule; confirm sshd listens on both
# and drop the port that is not in use.
- name: firewall | Open ssh port
  ufw:
    state: enabled
    rule: "{{ firewall__ssh_rule }}"
    port: "{{ item }}"
    proto: tcp
  loop:
    - 22
    - 8822
  become: true
# Set the default policy for incoming traffic to deny, so inbound
# connections need an explicit rule. This task comes after the SSH rule
# task in this file, so the SSH rule exists before the policy is applied.
- name: firewall | deny all incoming connections
  ufw:
    state: enabled
    policy: deny
    direction: incoming
  become: true
# Set the default policy for outgoing traffic to allow: egress from this
# host is not filtered by ufw.
# NOTE(review): if the host should only reach known destinations, the
# outgoing policy would have to be deny plus explicit rules - confirm that
# unrestricted egress is intended.
- name: firewall | allow all outgoing connections
  ufw:
    state: enabled
    policy: allow
    direction: outgoing
  become: true
# Allow every protocol from source address 127.0.0.1.
# NOTE(review): the rule matches on the source address only (no interface
# is given) and covers IPv4 loopback only; ::1 is not included. Confirm
# that both points are intended.
- name: firewall | allow all connections from localhost
  ufw:
    state: enabled
    from: "127.0.0.1"
    rule: allow
    proto: any
  become: true
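# Render etc/ssh/sshd_config.j2 and install it as /etc/ssh/sshd_config.
# validate runs `sshd -t` on the rendered file (%s) before it is copied
# into place, so a config that sshd rejects never replaces the live one.
# owner and group are set explicitly so the result does not depend on the
# ownership of the file being replaced; mode is quoted so it is passed as
# the octal string it looks like.
# NOTE(review): "restart sshd" is a handler that is not defined in this
# file; it has to exist elsewhere for the new config to take effect.
- name: firewall | Copy SSH config
  template:
    src: "etc/ssh/sshd_config.j2"
    dest: "/etc/ssh/sshd_config"
    owner: root
    group: root
    mode: "0644"
    validate: '/usr/sbin/sshd -t -f %s'
  become: true
  notify: restart sshd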