65b00c8840
- Enable ufw and by default deny incoming traffic - in other roles: if ufw (role) is enabled, then allow necessary ports
41 lines
555 B
JSON
41 lines
555 B
JSON
[
|
|
{
|
|
"name": "install ufw",
|
|
"become": true,
|
|
"ansible.builtin.apt": {
|
|
"update_cache": true,
|
|
"pkg": [
|
|
"ufw"
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "ufw deny incoming",
|
|
"ufw": {
|
|
"direction": "incoming",
|
|
"proto": "any",
|
|
"policy": "deny"
|
|
}
|
|
},
|
|
{
|
|
"name": "ufw allow outgoing",
|
|
"ufw": {
|
|
"direction": "outgoing",
|
|
"proto": "any",
|
|
"policy": "allow"
|
|
}
|
|
},
|
|
{
|
|
"name": "ufw allow and rate-limit ssh",
|
|
"ufw": {
|
|
"rule": "limit",
|
|
"name": "ssh"
|
|
}
|
|
},
|
|
{
|
|
"name": "enable ufw service",
|
|
"ufw": {
|
|
"state": "enabled"
|
|
}
|
|
}
|
|
]
|