Make TCP the default allowed firewall protocol

A custom protocol can still be specified by adding `proto: "proto"` to a
loop item.
Sam A. 2022-11-22 21:37:37 +01:00
parent 71cc3e2241
commit fc7ca37b07
Signed by untrusted user: samsapti
GPG key ID: CBBBE7371E81C4EA


@ -3,39 +3,20 @@
community.general.ufw: community.general.ufw:
state: enabled state: enabled
policy: deny policy: deny
- name: Allow necessary ports - name: Allow necessary ports
community.general.ufw: community.general.ufw:
rule: allow rule: allow
port: "{{ item.port }}" port: "{{ item.port }}"
proto: "{{ item.proto }}" proto: "{{ item.proto | default('tcp') }}"
loop: loop:
# Gitea SSH - port: 22 # Gitea SSH
- port: 22 - port: 80 # HTTP
proto: "tcp" - port: 443 # HTTPS
# HTTP - port: 389 # OpenLDAP
- port: 80 - port: 636 # OpenLDAP
proto: "tcp" - port: 25 # Email
# HTTPS - port: 465 # Email
- port: 443 - port: 587 # Email
proto: "tcp" - port: 993 # Email
# OpenLDAP - port: 19022 # SSH
- port: 389
proto: "tcp"
# OpenLDAP
- port: 636
proto: "tcp"
# Email
- port: 25
proto: "tcp"
# Email
- port: 465
proto: "tcp"
# Email
- port: 587
proto: "tcp"
# Email
- port: 993
proto: "tcp"
# SSH
- port: 19022
proto: "tcp"
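Review bot: The `Allow necessary ports` loop opens every listed port to any source with a plain `allow`, including 389 (LDAP without TLS, listed next to 636) and the two SSH ports 22 and 19022; the per-item default introduced for `proto` is a pattern that could carry those controls too. Adding `rule: "{{ item.rule | default('allow') }}"` and `from_ip: "{{ item.from_ip | default('any') }}"` would keep today's behaviour while letting the SSH entries use `rule: limit` and letting 389 be restricted to the hosts that need it. Whether 389 has to be reachable from outside is not visible on this page, so treat that part as a question to the author. A comment above `loop:` such as `# proto defaults to tcp; set proto: udp on an item that needs it` would also make the new default discoverable to whoever adds the next port.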