# UFW-Firewall

Ansible role to configure UFW.
Port ranges must be enclosed in quotes and the protocol must be specified:

```yaml
- rule: allow
  port: "666:700"
  source: 2.2.2.2
  protocol: tcp
```
## Requirements

## Role Variables
| Variable | Required | Default | Choices | Comments |
|---|---|---|---|---|
| ufw_conf | no | true | true, false | Opt-in to enable the ufw role |
| ufw_enable_firewall | no | true | true, false | Enables or disables the firewall, independent of whether rules are configured |
| ufw_eth_default_rules | no | true | true, false | Create the eth-internal zone for ETH networks and allow SSH for this zone |
| ufw_eth_default_zabbix | no | false | true, false | Allow port 10050/tcp for Zabbix monitoring |
| ufw_rules | no | [] | list of firewall rules | Internal variable that consolidates all dedicated firewall rules, see the firewall_rules_+ variables |
| ufw_resetallrules | no | false | true, false | Reset all existing rules at the start of the ufw task |
## Dependencies

This role uses the `community.general.ufw` module, so the community.general collection must be installed.
## Example Playbook

Include the role in the playbook if you expect it to interpret the ufw_rules variables defined in groups or directly on the host:

```yaml
- hosts: localhost
  vars:
    ufw_conf: true
    ufw_eth_default_rules: true
    ufw_eth_default_zabbix: true
    ufw_rules:
      - rule: allow
        source: 0.0.0.0/0
        port: 32400
      - rule: deny
        port: 8888
        source: 1.1.1.1
      - rule: reject
        port: 5555
        source: 2.2.2.2
  roles:
    - role: /local/home/sysop/jammy-stg/jammy/roles/jammy_ufw/
```
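As an added example (not part of the role), a small Python check that enforces the README's constraint on a ufw_rules list (port ranges must be quoted strings and carry a protocol) and renders each valid entry as the ufw command it corresponds to, so the intended policy can be reviewed before the role applies it. The validation logic and the sample rules are this example's own assumptions, not the role's code.

```python
import re
RULE_ACTIONS = {"allow", "deny", "reject", "limit"}  # actions ufw accepts
PORT_RANGE = re.compile(r"^(\d{1,5}):(\d{1,5})$")

def validate_rule(rule):
    """Return the problems found in one ufw_rules entry (empty list = OK)."""
    problems = []
    if rule.get("rule") not in RULE_ACTIONS:
        problems.append(f"unknown action {rule.get('rule')!r}")
    port = rule.get("port")
    if isinstance(port, int) and not isinstance(port, bool):
        if not 1 <= port <= 65535:
            problems.append(f"port {port} out of range")
    elif isinstance(port, str) and PORT_RANGE.match(port):
        lo, hi = (int(x) for x in PORT_RANGE.match(port).groups())
        if not 1 <= lo < hi <= 65535:
            problems.append(f"bad range {port!r}")
        # ufw refuses a port range without a protocol, and the range must be
        # quoted: PyYAML reads an unquoted 22:30 as the base-60 integer 1350.
        if rule.get("protocol") not in ("tcp", "udp"):
            problems.append(f"range {port!r} needs protocol tcp or udp")
    else:
        problems.append(f"port {port!r} is not an int or a quoted 'a:b' range")
    return problems

def render_rule(rule):
    """Render a valid rule as the ufw command line it corresponds to."""
    parts = ["ufw", rule["rule"]]
    if rule.get("protocol"):
        parts += ["proto", rule["protocol"]]
    parts += ["from", str(rule.get("source", "any")), "to", "any", "port", str(rule["port"])]
    return " ".join(parts)

def audit(rules):
    """Split a ufw_rules list into rendered commands and per-rule errors."""
    commands, errors = [], []
    for idx, rule in enumerate(rules):
        problems = validate_rule(rule)
        if problems:
            errors.append(f"rule {idx}: " + "; ".join(problems))
        else:
            commands.append(render_rule(rule))
    return commands, errors

# Constructed sample: the README's rules plus one range missing its protocol.
SAMPLE_RULES = [
    {"rule": "allow", "source": "0.0.0.0/0", "port": 32400},
    {"rule": "deny", "port": 8888, "source": "1.1.1.1"},
    {"rule": "allow", "port": "666:700", "source": "2.2.2.2", "protocol": "tcp"},
    {"rule": "allow", "port": "666:700", "source": "2.2.2.2"},
]
```

Running `audit(SAMPLE_RULES)` yields three ufw command lines and one error for the last entry; a range that YAML has already turned into an integer cannot be detected here, which is why the quoting has to happen in the playbook.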
## License

BSD
## Author Information

Philipp Sauter
ETH Zürich, CxS Linux Engineering Squad: linux4d@id.ethz.ch