27 lines
621 B
YAML
27 lines
621 B
YAML
---
|
|
- name: Install UFW firewall
|
|
ansible.builtin.apt:
|
|
name: ufw
|
|
state: present
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Configure UFW defaults
|
|
community.general.ufw:
|
|
direction: "{{ item.direction }}"
|
|
policy: "{{ item.policy }}"
|
|
loop:
|
|
- { direction: 'incoming', policy: 'deny' }
|
|
- { direction: 'outgoing', policy: 'allow' }
|
|
notify: reload firewall
|
|
|
|
- name: Allow TCP ports
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "{{ item }}"
|
|
proto: tcp
|
|
loop: "{{ firewall_allowed_tcp_ports }}"
|
|
notify: reload firewall
|
|
|
|
- name: Enable UFW
|
|
community.general.ufw:
|
|
state: enabled |