Diffstat (limited to 'roles/firewall/tasks')
| -rw-r--r-- | roles/firewall/tasks/main.yml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..6e95326
--- /dev/null
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+- name: Install ufw
+ become: yes
+ pacman: name=ufw state=present update_cache=yes
+
+- name: set deny policy
+ become: yes
+ ufw: policy=deny
+
+- name: set all allow rules
+ become: yes
+ ufw: direction={{ item.direction }} rule=allow proto={{ item.proto }} port={{ item.port }}
+ with_items:
+ - { direction: in, proto: tcp, port: 22 } #ssh
+ - { direction: in, proto: tcp, port: 25 } #smtp
+ - { direction: in, proto: tcp, port: 80 } #http brentj.es
+ - { direction: in, proto: tcp, port: 143 } #Imap
+ - { direction: in, proto: tcp, port: 443 } #https brentj.es
+ - { direction: in, proto: tcp, port: 442 } #https phpmyadmin
+ - { direction: in, proto: tcp, port: 444 } #https owncloud
+ - { direction: in, proto: tcp, port: 587 } #alt smtp
+ - { direction: in, proto: tcp, port: 9000 } #weechat relay
+ - { direction: in, proto: tcp, port: 9003 } #weechat urlserver
+ - { direction: in, proto: udp, port: 60000 } #mosh
+
+- name: enable ufw itself
+ become: yes
+ ufw: state=enabled
+
+- name: Start and enable ufw
+ become: yes
+ service: name=ufw state=started enabled=yes |
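Review bot: Every rule in `set all allow rules` is opened to any source, including the administrative `#https phpmyadmin` entry on 442 and the personal weechat relay/urlserver ports; the ufw module's `from_ip` parameter lets those rules be pinned to a trusted range, e.g. `- { direction: in, proto: tcp, port: 442, src: 'TRUSTED_CIDR' }` with `from_ip={{ item.src | default('any') }}` appended to the module args, while the public web and mail ports keep the default. A separate task such as `ufw: logging=on`, placed before `enable ufw itself`, would record blocked connections, which this role currently never turns on. On style, `become: yes` should be `become: true` and the `key=value` module arguments (`pacman`, `ufw`, `service`) should be native YAML mappings, per Ansible convention; the inline `#ssh`-style comments also want a space after the hash.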
