weareinteractive.ufw is an Ansible role which:
- installs ufw
- configures ufw
- configures ufw rules
- configures service
Using ansible-galaxy:
$ ansible-galaxy install weareinteractive.ufw
Using requirements.yml:
- src: weareinteractive.ufw
Using git:
$ git clone https://github.com/weareinteractive/ansible-ufw.git weareinteractive.ufw
- Ansible >= 2.4
Here is a list of all the default variables for this role, which are also available in defaults/main.yml.
---
# ufw_rules:
#   - { [port: ""] [rule: allow] [proto: any] [from_ip: any] [to_ip: any] [comment: 'rule comment']}
# ufw_applications:
#   - { name: OpenSSH [rule: allow, from_ip: any] }
#
# package name (version)
# deprecated: `ufw_package` will be removed in future releases! Use `ufw_packages`
ufw_package: ufw
# added to support systems where ufw packages are split up
ufw_packages:
  - "{{ ufw_package }}"
# list of rules
ufw_rules: [{ port: 22, rule: allow }]
# list of profiles located in /etc/ufw/applications.d
ufw_applications: []
# /etc/default/ufw settings
ufw_ipv6: "yes"
ufw_default_input_policy: DROP
ufw_default_output_policy: ACCEPT
ufw_default_forward_policy: DROP
ufw_default_application_policy: SKIP
# firewall state: enabled | disabled
ufw_state: enabled
ufw_logging: "off"
# always reset the firewall
ufw_reset: yes
These are the handlers that are defined in handlers/main.yml.
---
- name: reload ufw
  ufw:
    state: reloaded
  when: ufw_state == 'enabled'
This is an example playbook:
---
- hosts: all
  become: yes
  roles:
    - weareinteractive.ufw
  vars:
    ufw_rules:
      - { port: 22, rule: allow, comment: 'Allow SSH' }
      - { port: 80, rule: allow }
      - { from_ip: '127.0.0.1/8', comment: 'Allow localhost' }
      - { from_ip: '127.0.42.0/24', rule: deny }
    ufw_default_forward_policy: ACCEPT
    ufw_logging: full
    ufw_applications:
      - { name: "OpenSSH" }
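ufw evaluates rules in order and the first match wins, so a `deny` listed after a broader `allow` never takes effect. The following check is an added example, not part of the role: a Python function that flags any entry in a `ufw_rules` list that is fully covered by an earlier entry with a different action, run here on the rule list from the playbook above. It assumes the role applies `ufw_rules` in list order; the function and constant names are hypothetical.

```python
import ipaddress

# Constructed sample: the ufw_rules list from the example playbook above.
PLAYBOOK_RULES = [
    {"port": 22, "rule": "allow", "comment": "Allow SSH"},
    {"port": 80, "rule": "allow"},
    {"from_ip": "127.0.0.1/8", "comment": "Allow localhost"},
    {"from_ip": "127.0.42.0/24", "rule": "deny"},
]

def _net(value):
    """Parse from_ip/to_ip; None means 'any' (the documented default)."""
    if value in (None, "any"):
        return None
    return ipaddress.ip_network(str(value), strict=False)

def _net_covers(earlier, later):
    """True if every address the later rule matches is matched by the earlier one."""
    if earlier is None:
        return True
    if later is None or earlier.version != later.version:
        return False
    return later.subnet_of(earlier)

def _field_covers(earlier, later):
    """port/proto: an unset or 'any' value on the earlier rule matches everything."""
    return earlier in (None, "", "any") or str(earlier) == str(later)

def find_shadowed(rules):
    """Return (earlier, later) index pairs where the later rule is fully covered
    by an earlier rule with a different action, so it never takes effect.
    Assumption: rules are applied in list order (hypothetical helper, not role code)."""
    findings = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if earlier.get("rule", "allow") == later.get("rule", "allow"):
                continue  # same action: redundant, not a conflict
            if (_net_covers(_net(earlier.get("from_ip")), _net(later.get("from_ip")))
                    and _net_covers(_net(earlier.get("to_ip")), _net(later.get("to_ip")))
                    and _field_covers(earlier.get("port"), later.get("port"))
                    and _field_covers(earlier.get("proto"), later.get("proto"))):
                findings.append((i, j))
                break
    return findings

if __name__ == "__main__":
    for i, j in find_shadowed(PLAYBOOK_RULES):
        print(f"rule {j} {PLAYBOOK_RULES[j]} is shadowed by rule {i} {PLAYBOOK_RULES[i]}")
```

Listing the narrower `deny` before the broader `allow` clears the finding. Partial overlaps, such as a port-specific allow ahead of an all-ports deny, are not reported.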
$ git clone https://github.com/weareinteractive/ansible-ufw.git
$ cd ansible-ufw
$ make test
In lieu of a formal style guide, take care to maintain the existing coding style. Add unit tests and examples for any new or changed functionality.
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create new Pull Request
Note: To update the README.md file please install and run ansible-role:
$ gem install ansible-role
$ ansible-role docgen
Copyright (c) We Are Interactive under the MIT license.