Skip to content

Ansible role which installs and configures ufw

License

Notifications You must be signed in to change notification settings

alemairebe/ansible-ufw

 
 

Repository files navigation

Ansible weareinteractive.ufw role

Build Status Galaxy GitHub Tags GitHub Stars

weareinteractive.ufw is an Ansible role which:

  • installs ufw
  • configures ufw
  • configures ufw rules
  • configures service

Installation

Using ansible-galaxy:

$ ansible-galaxy install weareinteractive.ufw

Using requirements.yml:

- src: weareinteractive.ufw

Using git:

$ git clone https://github.com/weareinteractive/ansible-ufw.git weareinteractive.ufw

Dependencies

  • Ansible >= 2.4

Variables

Here is a list of all the default variables for this role, which are also available in defaults/main.yml.

---
# ufw_rules:
#   - { [port: ""] [rule: allow] [proto: any] [from_ip: any] [to_ip: any] [comment: 'rule comment']}
# ufw_applications:
#   - { name: OpenSSH [rule: allow, from_ip: any] }
#

# package name (version)
# depricated: `ufw_package` will be removed in future releases! Use `ufw_packages`
ufw_package: ufw
# added to support systems where ufw packages are split up
ufw_packages:
  - "{{ ufw_package }}"
# list of rules
ufw_rules: [{ port: 22, rule: allow }]
# list of profiles located in /etc/ufw/applications.d
ufw_applications: []
# /etc/defaut/ufw settings
ufw_ipv6: "yes"
ufw_default_input_policy: DROP
ufw_default_output_policy: ACCEPT
ufw_default_forward_policy: DROP
ufw_default_application_policy: SKIP
# firewall state: enabled | disabled
ufw_state: enabled
ufw_logging: "off"
# always reset the firewall
ufw_reset: yes

Handlers

These are the handlers that are defined in handlers/main.yml.

---

- name: reload ufw
  ufw:
    state: reloaded
  when: ufw_state == 'enabled'

Usage

This is an example playbook:

---

- hosts: all
  become: yes
  roles:
    - weareinteractive.ufw
  vars:
    ufw_rules:
      - { port: 22, rule: allow, comment: 'Allow SSH' }
      - { port: 80, rule: allow }
      - { from_ip: '127.0.0.1/8', comment: 'Allow localhost' }
      - { from_ip: '127.0.42.0/24', rule: deny }
    ufw_default_forward_policy: ACCEPT
    ufw_logging: full
    ufw_applications:
     - { name: "OpenSSH" }

Testing

$ git clone https://github.com/weareinteractive/ansible-ufw.git
$ cd ansible-ufw
$ make test

Contributing

In lieu of a formal style guide, take care to maintain the existing coding style. Add unit tests and examples for any new or changed functionality.

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

Note: To update the README.md file please install and run ansible-role:

$ gem install ansible-role
$ ansible-role docgen

License

Copyright (c) We Are Interactive under the MIT license.

About

Ansible role which installs and configures ufw

Resources

License

Stars

Watchers

Forks

Packages

No packages published