Diffstat (limited to 'roles/firewall')
-rw-r--r--roles/firewall/tasks/main.yml32
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..6e95326
--- /dev/null
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,32 @@
+---
+- name: Install ufw
+ become: yes
+ pacman: name=ufw state=present update_cache=yes
+
+- name: set deny policy
+ become: yes
+ ufw: policy=deny
+
+- name: set all allow rules
+ become: yes
+ ufw: direction={{ item.direction }} rule=allow proto={{ item.proto }} port={{ item.port }}
+ with_items:
+ - { direction: in, proto: tcp, port: 22 } #ssh
+ - { direction: in, proto: tcp, port: 25 } #smtp
+ - { direction: in, proto: tcp, port: 80 } #http brentj.es
+ - { direction: in, proto: tcp, port: 143 } #Imap
+ - { direction: in, proto: tcp, port: 443 } #https brentj.es
+ - { direction: in, proto: tcp, port: 442 } #https phpmyadmin
+ - { direction: in, proto: tcp, port: 444 } #https owncloud
+ - { direction: in, proto: tcp, port: 587 } #alt smtp
+ - { direction: in, proto: tcp, port: 9000 } #weechat relay
+ - { direction: in, proto: tcp, port: 9003 } #weechat urlserver
+ - { direction: in, proto: udp, port: 60000 } #mosh
+
+- name: enable ufw itself
+ become: yes
+ ufw: state=enabled
+
+- name: Start and enable ufw
+ become: yes
+ service: name=ufw state=started enabled=yes
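Review bot: The default-deny task (`ufw: policy=deny`) sets no `direction`, so it appears to set only the inbound policy and leaves the outbound policy at ufw's default; if that is intended, a comment such as `# inbound default deny; outbound stays at ufw default` would make the exposure explicit, otherwise a second policy task with `direction=outgoing` is needed. The mosh entry in "set all allow rules" opens only UDP 60000, whereas mosh servers normally pick a port in the 60000-61000 range, so concurrent sessions beyond the first would be blocked; a range such as `port=60000:61000` with a `# mosh (UDP range)` comment is what the service expects. As a point of style, the module arguments are `key=value` strings, `become: yes` is a YAML 1.1 truthy, and the inline comments have no space after `#`; the Ansible convention is native block YAML with `become: true` and `# ssh`-style comments, as below for the rules task.
```yaml
- name: set all allow rules
  become: true
  ufw:
    direction: "{{ item.direction }}"
    rule: allow
    proto: "{{ item.proto }}"
    port: "{{ item.port }}"
  with_items:
    - { direction: in, proto: tcp, port: 22 }  # ssh
    # … unchanged: remaining tcp entries …
    - { direction: in, proto: udp, port: "60000:61000" }  # mosh (UDP range)
```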