ansible/roles/ubuntu_base/tasks/firewall.yml

---
- name: Setup firewall with UFW
  community.general.ufw:
    state: enabled
    policy: deny

- name: Allow necessary ports
  community.general.ufw:
    rule: allow
    port: '{{ item.port }}'
    proto: "{{ item.proto | default('tcp') }}"
  loop:
    - port: 22 # Gitea SSH
    - port: 80 # HTTP
    - port: 443 # HTTPS
    - port: 389 # OpenLDAP
    - port: 636 # OpenLDAP
    - port: 25 # Email
    - port: 465 # Email
    - port: 587 # Email
    - port: 993 # Email
    - port: 19022 # SSH
  loop_control:
    loop_var: ubuntu_base_port
Add firewall setup with UFW 2022-11-10 20:48:24 +00:00			`---`
			`- name: Setup firewall with UFW`
WIP. 2022-11-26 08:52:41 +00:00			`community.general.ufw:`
Add firewall setup with UFW 2022-11-10 20:48:24 +00:00			`state: enabled`
			`policy: deny`
Make TCP the default allowed firewall protocol Custom protocol can still be specified by adding `proto: "proto"` to a loop item. 2022-11-22 20:37:37 +00:00
Add firewall setup with UFW 2022-11-10 20:48:24 +00:00			`- name: Allow necessary ports`
			`community.general.ufw:`
			`rule: allow`
WIP. 2022-11-26 08:52:41 +00:00			`port: '{{ item.port }}'`
Make TCP the default allowed firewall protocol Custom protocol can still be specified by adding `proto: "proto"` to a loop item. 2022-11-22 20:37:37 +00:00			`proto: "{{ item.proto \| default('tcp') }}"`
Add firewall setup with UFW 2022-11-10 20:48:24 +00:00			`loop:`
WIP. 2022-11-26 08:52:41 +00:00			`- port: 22 # Gitea SSH`
			`- port: 80 # HTTP`
			`- port: 443 # HTTPS`
			`- port: 389 # OpenLDAP`
			`- port: 636 # OpenLDAP`
			`- port: 25 # Email`
			`- port: 465 # Email`
			`- port: 587 # Email`
			`- port: 993 # Email`
			`- port: 19022 # SSH`
WIP. 2022-11-26 09:47:37 +00:00			`loop_control:`
			`loop_var: ubuntu_base_port`