forked from data.coop/ansible
Add firewall setup with UFW
This commit is contained in:
parent
536441d24b
commit
5f718e1027
GPG key ID:
CBBBE7371E81C4EA
|
|
@ -9,6 +9,7 @@
|
||||||
- apparmor
|
- apparmor
|
||||||
- haveged
|
- haveged
|
||||||
- mosh
|
- mosh
|
||||||
|
- ufw
|
||||||
- srvadmin-all # Dell OpenManage
|
- srvadmin-all # Dell OpenManage
|
||||||
|
|
||||||
- name: Install necessary packages via pip
|
- name: Install necessary packages via pip
|
||||||
|
|
|
||||||
20
roles/ubuntu_base/tasks/firewall.yml
Normal file
20
roles/ubuntu_base/tasks/firewall.yml
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
---
|
||||||
|
- name: Setup firewall with UFW
|
||||||
|
community.general.ufw:
|
||||||
|
state: enabled
|
||||||
|
policy: deny
|
||||||
|
- name: Allow necessary ports
|
||||||
|
community.general.ufw:
|
||||||
|
rule: allow
|
||||||
|
port: "{{ item }}"
|
||||||
|
loop:
|
||||||
|
- 22 # Gitea SSH
|
||||||
|
- 80 # HTTP
|
||||||
|
- 443 # HTTPS
|
||||||
|
- 389 # OpenLDAP
|
||||||
|
- 636 # OpenLDAP
|
||||||
|
- 25 # Email
|
||||||
|
- 465 # Email
|
||||||
|
- 587 # Email
|
||||||
|
- 993 # Email
|
||||||
|
- 19022 # SSH
|
||||||
|
|
@ -7,4 +7,6 @@
|
||||||
tags: [install-base-packages]
|
tags: [install-base-packages]
|
||||||
- import_tasks: users.yml
|
- import_tasks: users.yml
|
||||||
tags: [setup-users]
|
tags: [setup-users]
|
||||||
|
- import_tasks: firewall.yml
|
||||||
|
tags: [setup-firewall]
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue