Skip to content
Snippets Groups Projects
Select Git revision
  • 12be04f0e221af89999a018fe605c7e76e914d79
  • master default protected
2 results

README.md

Blame
    • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    configure_ufw.yml 972 B 
    ---
- name: setup firewall
  become: true
  hosts: all
  tasks:
    # setup ufw ssh exception/limiting rules
    - name: allow ssh access from specified ip ranges
      ufw:
        rule: allow
        from_ip: "{{ item }}"
        to_port: 22
        proto: tcp
      with_items: "{{ ufw_ssh_allowed_from }}"

    - name: rate limiting ssh access
      ufw:
        rule: limit
        to_port: 22
        proto: tcp

    # setup nginx web server exception rule
    - name: allow access of nginx webserver from everywhere
      ufw:
        rule: allow
        name: Nginx Full

    # set default deny rules
    - name: deny any other incoming traffic by default
      ufw:
        state: enabled
        default: deny
        direction: incoming
    # set default allow rule for outgoing, FIXME: do it more granulary (only http/https)
    - name: allow any outgoing traffic by default
      ufw:
        state: enabled
        default: allow
        direction: outgoing