| author | Dennis Brentjes <d.brentjes@gmail.com> | 2016-08-28 16:08:42 +0200 |
|---|---|---|
| committer | Dennis Brentjes <d.brentjes@gmail.com> | 2016-08-28 16:14:56 +0200 |
| commit | 68515bbb478f326a252ca688fcc97f3fdc8c4f97 (patch) | |
| tree | 05954f1bf339c6ad973ed07736e0d328d5fbe3db /roles/firewall/tasks/main.yml | |
| download | ansible-68515bbb478f326a252ca688fcc97f3fdc8c4f97.tar.gz ansible-68515bbb478f326a252ca688fcc97f3fdc8c4f97.tar.bz2 ansible-68515bbb478f326a252ca688fcc97f3fdc8c4f97.zip | |
Initial commit; finally got around to cleaning this up and making it into a
git repo.
Diffstat (limited to 'roles/firewall/tasks/main.yml')
| -rw-r--r-- | roles/firewall/tasks/main.yml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..6e95326
--- /dev/null
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+- name: Install ufw
+ become: yes
+ pacman: name=ufw state=present update_cache=yes
+
+- name: set deny policy
+ become: yes
+ ufw: policy=deny
+
+- name: set all allow rules
+ become: yes
+ ufw: direction={{ item.direction }} rule=allow proto={{ item.proto }} port={{ item.port }}
+ with_items:
+ - { direction: in, proto: tcp, port: 22 } #ssh
+ - { direction: in, proto: tcp, port: 25 } #smtp
+ - { direction: in, proto: tcp, port: 80 } #http brentj.es
+ - { direction: in, proto: tcp, port: 143 } #Imap
+ - { direction: in, proto: tcp, port: 443 } #https brentj.es
+ - { direction: in, proto: tcp, port: 442 } #https phpmyadmin
+ - { direction: in, proto: tcp, port: 444 } #https owncloud
+ - { direction: in, proto: tcp, port: 587 } #alt smtp
+ - { direction: in, proto: tcp, port: 9000 } #weechat relay
+ - { direction: in, proto: tcp, port: 9003 } #weechat urlserver
+ - { direction: in, proto: udp, port: 60000 } #mosh
+
+- name: enable ufw itself
+ become: yes
+ ufw: state=enabled
+
+- name: Start and enable ufw
+ become: yes
+ service: name=ufw state=started enabled=yes |
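Review bot: The "set all allow rules" task opens the admin-facing ports (442 for phpmyadmin, 9000/9003 for the weechat relay) to every source address, with only a trailing comment recording what listens there; the ufw module accepts a source restriction, so adding `src: <admin CIDR>` to those items and passing it through as `src={{ item.src | default('any') }}` on the ufw line keeps the role's shape while narrowing the exposed surface. The port 22 entry could use `rule=limit` rather than `rule=allow` to get ufw's built-in connection rate limiting for SSH. Note also that this module only adds the rules it is given: a port later removed from `with_items` stays open on the host until it is removed explicitly with `delete=yes` or the firewall is reset, which is worth a comment above the task since the list reads as if it were the complete allow set.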
