UFW-Firewall
Configure UFW role.
Requirements
Role Variables
| Variable | Required | Default | Choices | Comments |
|---|---|---|---|---|
| ufw_conf | no | true | true, false | opt-in to enable ufw role |
| ufw_enable_firewall | no | true | Boolean: true or false | var to enable or disable the firewall, independent if there are configured rules |
| ufw_eth_default_rules | no | true | true, false | Create eth-internal zone for ETH-Networks and allow SSH for this zone |
| ufw_eth_default_zabbix | no | false | true, false | port 10050 and protocol tcp for Zabbix Monitoring |
| ufw_rules | no | [] | list of firewall rules | Internal variable to consolidate all the dedicated firewall rules, see firewall_rules_+ variables |
| ufw_resetallrules | no | false | Boolean: true or false | special var to reset all set rules, at the start of the ufw task |
Dependencies
This role depends on the community.general.ufw task.
Example Playbook
Include the role within the playbook if you expect to interprete the ufw_rules variables defined in groups or directly on the host:
- hosts: localhost
vars:
ufw_conf: true
ufw_eth_default_rules: true
ufw_eth_default_zabbix: true
ufw_rules:
- rule: allow
source: 0.0.0.0/0
port: 32400
- rule: deny
port: 8888
source: 1.1.1.1
- rule: reject
port: 5555
source: 2.2.2.2
# Port ranges need to be encased in quotes and the protocol has to be specified
- rule: allow
port: "666:700"
source: 2.2.2.2
protocol: tcp
roles:
- role: /local/home/sysop/noble-stg/noble/roles/noble_ufw/
License
BSD
Author Information
ETH Zürich, CxS Linux Engineering Squad: linux4d@id.ethz.ch