From 5f718e1027f5da425f6205221d705bd1c731a196 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Thu, 10 Nov 2022 21:48:24 +0100
Subject: [PATCH] Add firewall setup with UFW
---
roles/ubuntu_base/tasks/base.yml | 1 +
roles/ubuntu_base/tasks/firewall.yml | 20 ++++++++++++++++++++
roles/ubuntu_base/tasks/main.yml | 2 ++
3 files changed, 23 insertions(+)
create mode 100644 roles/ubuntu_base/tasks/firewall.yml
diff --git a/roles/ubuntu_base/tasks/base.yml b/roles/ubuntu_base/tasks/base.yml
index 257352b..f4ed43f 100644
--- a/roles/ubuntu_base/tasks/base.yml
+++ b/roles/ubuntu_base/tasks/base.yml
@@ -9,6 +9,7 @@
- apparmor
- haveged
- mosh
+ - ufw
- srvadmin-all # Dell OpenManage
- name: Install necessary packages via pip
diff --git a/roles/ubuntu_base/tasks/firewall.yml b/roles/ubuntu_base/tasks/firewall.yml
new file mode 100644
index 0000000..bd40c93
--- /dev/null
+++ b/roles/ubuntu_base/tasks/firewall.yml
@@ -0,0 +1,20 @@
+---
+- name: Setup firewall with UFW
+ community.general.ufw:
+ state: enabled
+ policy: deny
+- name: Allow necessary ports
+ community.general.ufw:
+ rule: allow
+ port: "{{ item }}"
+ loop:
+ - 22 # Gitea SSH
+ - 80 # HTTP
+ - 443 # HTTPS
+ - 389 # OpenLDAP
+ - 636 # OpenLDAP
+ - 25 # Email
+ - 465 # Email
+ - 587 # Email
+ - 993 # Email
+ - 19022 # SSH
diff --git a/roles/ubuntu_base/tasks/main.yml b/roles/ubuntu_base/tasks/main.yml
index d6d34a4..dddc508 100644
--- a/roles/ubuntu_base/tasks/main.yml
+++ b/roles/ubuntu_base/tasks/main.yml
@@ -7,4 +7,6 @@
tags: [install-base-packages]
- import_tasks: users.yml
tags: [setup-users]
+- import_tasks: firewall.yml
+ tags: [setup-firewall]
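Review bot: The first task in firewall.yml enables UFW with a deny policy before the second task has added a single allow rule, so on a host being provisioned over SSH any failure or interruption between the two tasks leaves it reachable only through connections that are already established, and a fresh connection on 22 or 19022 is refused. Apply the default policy and the allow rules first and enable UFW in a final task; both `ufw default` and `ufw allow` accept changes while the firewall is inactive and they take effect on enable. The allow rules also carry no `proto`, so every listed port is opened for UDP as well as TCP, and they accept traffic from any source; `proto: tcp` is safe for all the services named in the comments, and plaintext LDAP on 389 is worth restricting with `from_ip` to the hosts that need it (or dropping in favour of 636) unless the directory is genuinely meant to be reachable from anywhere. Whether `policy: deny` without `direction` is applied to incoming traffic depends on the module's default, so stating `direction: incoming` explicitly removes the ambiguity.
```yaml
- name: Default to denying incoming traffic
  community.general.ufw:
    policy: deny
    direction: incoming
- name: Allow necessary ports
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
  loop:
    # … unchanged: port list …
- name: Enable UFW once the allow rules are in place
  community.general.ufw:
    state: enabled
```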