AndiMajore authored
Former-commit-id: af723743
configure_ufw.yml 972 B
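---
# Configures the ufw host firewall on all targeted hosts.
# Task order matters: the SSH and nginx rules are added first, and only the
# last two tasks set `state: enabled`, so the SSH exceptions already exist
# when the default-deny incoming policy is switched on.
- name: setup firewall
  become: true
  hosts: all
  tasks:
    # setup ufw ssh exception/limiting rules
    # ufw_ssh_allowed_from is not defined in this file; it must be supplied
    # by inventory/vars as a list of source addresses or CIDR ranges.
    - name: allow ssh access from specified ip ranges
      ufw:
        rule: allow
        from_ip: "{{ item }}"
        to_port: 22
        proto: tcp
      with_items: "{{ ufw_ssh_allowed_from }}"

    # NOTE(review): this rule has no from_ip, so it matches every source.
    # A ufw `limit` rule accepts connections and only blocks a source after
    # repeated attempts in a short window, so port 22 stays reachable from
    # anywhere; the allow rules above merely exempt the listed ranges from
    # rate limiting. If SSH is meant to be restricted to
    # ufw_ssh_allowed_from, remove this task or give it a from_ip.
    - name: rate limiting ssh access
      ufw:
        rule: limit
        to_port: 22
        proto: tcp

    # setup nginx web server exception rule
    # `name` refers to a ufw application profile; presumably the nginx
    # package provides "Nginx Full" on the target hosts - confirm it is
    # installed before this play runs, otherwise the profile lookup fails.
    - name: allow access of nginx webserver from everywhere
      ufw:
        rule: allow
        name: Nginx Full

    # set default deny rules
    # Incoming traffic not matched by a rule above is denied once ufw is
    # enabled here.
    - name: deny any other incoming traffic by default
      ufw:
        state: enabled
        default: deny
        direction: incoming

    # set default allow rule for outgoing
    # FIXME: make this more granular (only http/https). Until then egress is
    # unrestricted, so the firewall does not limit what this host can reach.
    - name: allow any outgoing traffic by default
      ufw:
        state: enabled
        default: allow
        direction: outgoing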