GithubHelp home page GithubHelp logo

ittps-pro / ansible-ufw Goto Github PK

View Code? Open in Web Editor NEW

This project forked from oefenweb/ansible-ufw

0.0 0.0 0.0 130 KB

Ansible role to set up ufw in Debian-like systems

License: MIT License

Dockerfile 24.27% Jinja 75.73%

ansible-ufw's Introduction

ufw

CI Ansible Galaxy

Set up ufw in Debian-like systems.

Requirements

None

Variables

  • ufw_default_incoming_policy [default: deny]: Default (incoming) policy

  • ufw_default_outgoing_policy [default: allow]: Default (outgoing) policy

  • ufw_logging [default: off]: Log level

  • ufw_rules [default: see defaults/main.yml]: Rules to apply

  • ufw_etc_default_ipv6 [default: true]: Set to yes to apply rules to support IPv6

  • ufw_etc_default_default_input_policy [default: DROP]: Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if you change this you will most likely want to adjust your rules

  • ufw_etc_default_default_output_policy [default: ACCEPT]: Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if you change this you will most likely want to adjust your rules

  • ufw_etc_default_default_forward_policy [default: DROP]: Set the default forward policy to ACCEPT, DROP or REJECT. Please note that if you change this you will most likely want to adjust your rules

  • ufw_etc_default_default_application_policy [default: SKIP]: Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please note that setting this to ACCEPT may be a security risk

  • ufw_etc_default_manage_builtins [default: false]: By default, ufw only touches its own chains. Set this to 'yes' to have ufw manage the built-in chains too. Warning: setting this to 'yes' will break non-ufw managed firewall rules

  • ufw_etc_default_ipt_sysctl [default: /etc/ufw/sysctl.conf]: IPT backend, only enable if using iptables backend

  • ufw_etc_default_ipt_modules [default: [nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_netbios_ns]]: Extra connection tracking modules to load. Complete list can be found in net/netfilter/Kconfig of your kernel source

Dependencies

None

Example

---
- hosts: all
  roles:
    - oefenweb.ufw
Allow ssh
- hosts: all
  roles:
    - oefenweb.ufw
  vars:
    ufw_rules:
      - rule: allow
        to_port: 22
        protocol: tcp
        comment: 'allow incoming connection on standard ssh port'
Allow all traffic on eth1
- hosts: all
  roles:
    - oefenweb.ufw
  vars:
    ufw_rules:
      - rule: allow
        interface: eth1
        to_port: ''
        comment: 'allow all traffic on interface eth1'
Allow snmp traffic from 1.2.3.4 on eth0
- hosts: all
  roles:
    - oefenweb.ufw
  vars:
    ufw_rules:
      - rule: allow
        interface: eth0
        from_ip: 1.2.3.4
        to_port: 161
        protocol: udp

License

MIT

Author Information

Mischa ter Smitten (based on work of weareinteractive)

Feedback, bug-reports, requests, ...

Are welcome!

ansible-ufw's People

Contributors

tersmitten avatar kmonticolo avatar mvdriel avatar ahelal avatar starcraft66 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.