    configure_ufw.yml 972 B
    ---
    # Configures the ufw host firewall on every targeted host: SSH rules first,
    # then the nginx exception, and only then the default policies that enable ufw.
    - name: setup firewall
      become: true
      hosts: all
      tasks:
        # setup ufw ssh exception/limiting rules
        # One allow rule is created per entry of ufw_ssh_allowed_from, which is
        # defined outside this file (inventory or vars).
        - name: allow ssh access from specified ip ranges
          ufw:
            rule: allow
            from_ip: "{{ item }}"
            to_port: 22
            proto: tcp
          with_items: "{{ ufw_ssh_allowed_from }}"
    
        # NOTE(review): this rule sets no from_ip, so it applies to any source.
        # ufw's "limit" is an accept rule with connection-rate limiting, so
        # port 22 stays reachable from addresses outside ufw_ssh_allowed_from,
        # only throttled. If SSH should be restricted to the listed ranges,
        # scope this rule to them or drop it - confirm the intent.
        - name: rate limiting ssh access
          ufw:
            rule: limit
            to_port: 22
            proto: tcp
    
        # setup nginx web server exception rule
        # "Nginx Full" is a ufw application profile, not a port number; the
        # profile has to exist on the host already (presumably shipped with the
        # nginx package installed elsewhere - verify the play ordering).
        - name: allow access of nginx webserver from everywhere
          ufw:
            rule: allow
            name: Nginx Full
    
        # set default deny rules
        # This is the first task with state: enabled, so the firewall is turned
        # on only after the SSH and nginx rules above have been added.
        - name: deny any other incoming traffic by default
          ufw:
            state: enabled
            default: deny
            direction: incoming
        # set default allow rule for outgoing, FIXME: do it more granularly (only http/https)
        # Until the FIXME is addressed, egress is unrestricted: nothing on the
        # host is prevented from connecting out to arbitrary destinations.
        - name: allow any outgoing traffic by default
          ufw:
            state: enabled
            default: allow
            direction: outgoing