ansible/roles/ubuntu_base/tasks/firewall.yml

---
- name: Setup firewall with UFW
  community.general.ufw: 
    state: enabled
    policy: deny
- name: Allow necessary ports
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
  loop:
    - "22/tcp"     # Gitea SSH
    - "80/tcp"     # HTTP
    - "443/tcp"    # HTTPS
    - "389/tcp"    # OpenLDAP
    - "636/tcp"    # OpenLDAP
    - "25/tcp"     # Email
    - "465/tcp"    # Email
    - "587/tcp"    # Email
    - "993/tcp"    # Email
    - "19022/tcp"  # SSH
Add firewall setup with UFW 2022-11-10 20:48:24 +00:00			`---`
			`- name: Setup firewall with UFW`
			`community.general.ufw:`
			`state: enabled`
			`policy: deny`
			`- name: Allow necessary ports`
			`community.general.ufw:`
			`rule: allow`
			`port: "{{ item }}"`
			`loop:`
Allow only TCP traffic on specified ports 2022-11-15 19:42:18 +00:00			`- "22/tcp" # Gitea SSH`
			`- "80/tcp" # HTTP`
			`- "443/tcp" # HTTPS`
			`- "389/tcp" # OpenLDAP`
			`- "636/tcp" # OpenLDAP`
			`- "25/tcp" # Email`
			`- "465/tcp" # Email`
			`- "587/tcp" # Email`
			`- "993/tcp" # Email`
			`- "19022/tcp" # SSH`