thomas
/
sovereign
Observar 1
Favorito 0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Nenhuma descrição
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
627 Commits
1 Branch
Tag: e229c5519b
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de e229c5519b
${ noResults }
sovereign/roles/common/tasks/ufw.yml

ufw.yml 979B
Histórico Original

1234567891011121314151617181920212223242526272829303132333435363738394041424344 
  1. ---

  2. # Installs and configures ufw, which in turn uses iptables for firewall management

  3. 

  4. # ufw includes sensible icmp defaults

  5. - name: Install ufw

  6.   apt: pkg=ufw state=present

  7.   tags:

  8.     - dependencies

  9.     - ufw

  10. 

  11. - name: Deny everything

  12.   ufw: policy=deny

  13.   tags: ufw

  14. 

  15. - name: Set firewall rule for DNS

  16.   ufw: rule=allow port=domain

  17.   tags: ufw

  18. 

  19. - name: Set firewall rule for mosh

  20.   ufw: rule=allow port=60000:61000 proto=udp

  21.   tags: ufw

  22. 

  23. - name: Set firewall rules for web traffic and SSH

  24.   ufw: rule=allow port={{ item }} proto=tcp

  25.   with_items:

  26.     - http

  27.     - https

  28.     - ssh

  29.   tags: ufw

  30. 

  31. - name: Enable UFW

  32.   ufw: state=enabled

  33.   tags: ufw

  34. 

  35. - name: Check config of ufw

  36.   command: cat /etc/ufw/ufw.conf

  37.   register: ufw_config

  38.   changed_when: False  # never report as "changed"

  39.   tags: ufw

  40. 

  41. - name: Disable logging (workaround for known bug in Debian 7)

  42.   ufw: logging=off

  43.   when: "ansible_lsb['codename'] == 'wheezy' and 'LOGLEVEL=off' not in ufw_config.stdout"

  44.   tags: ufw