Add firewall setup with UFW

2022-11-10 21:48:24 +01:00 · 2022-11-10 21:48:24 +01:00 · 5f718e1027
parent 536441d24b
commit 5f718e1027
3 changed files with 23 additions and 0 deletions
--- a/roles/ubuntu_base/tasks/base.yml
+++ b/roles/ubuntu_base/tasks/base.yml
@ -9,6 +9,7 @@
    - apparmor
    - haveged
    - mosh
+    - ufw
    - srvadmin-all # Dell OpenManage

 - name: Install necessary packages via pip
--- a/roles/ubuntu_base/tasks/firewall.yml
+++ b/roles/ubuntu_base/tasks/firewall.yml
@ -0,0 +1,20 @@
+---
+- name: Setup firewall with UFW
+  community.general.ufw: 
+    state: enabled
+    policy: deny
+- name: Allow necessary ports
+  community.general.ufw:
+    rule: allow
+    port: "{{ item }}"
+  loop:
+    - 22     # Gitea SSH
+    - 80     # HTTP
+    - 443    # HTTPS
+    - 389    # OpenLDAP
+    - 636    # OpenLDAP
+    - 25     # Email
+    - 465    # Email
+    - 587    # Email
+    - 993    # Email
+    - 19022  # SSH
--- a/roles/ubuntu_base/tasks/main.yml
+++ b/roles/ubuntu_base/tasks/main.yml
@ -7,4 +7,6 @@
  tags: [install-base-packages]
 - import_tasks: users.yml
  tags: [setup-users]
+- import_tasks: firewall.yml
+  tags: [setup-firewall]