
README.md

    configure_ufw.yml 972 B
    ---
    # Configures ufw on every host in the inventory (run with privilege
    # escalation): ssh rules first, then the nginx rule, and only then the
    # default policies, which are the tasks that set "state: enabled".
    # Task order matters: the ssh rules exist before the firewall is enabled.
    - name: setup firewall
      become: true
      hosts: all
      tasks:
        # setup ufw ssh exception/limiting rules
        # one allow rule per entry of ufw_ssh_allowed_from; the variable is not
        # defined in this file, so it has to come from inventory or vars
        - name: allow ssh access from specified ip ranges
          ufw:
            rule: allow
            from_ip: "{{ item }}"
            to_port: 22
            proto: tcp
          with_items: "{{ ufw_ssh_allowed_from }}"
    
        # NOTE(review): no from_ip is set here, so this rule applies to any
        # source address. Port 22 therefore stays reachable from everywhere
        # (rate limited); the allow rules above are added first and presumably
        # only exempt the listed ranges from the limit. If ssh is meant to be
        # restricted to those ranges, this rule needs a from_ip or should be
        # dropped - confirm the intent.
        - name: rate limiting ssh access
          ufw:
            rule: limit
            to_port: 22
            proto: tcp
    
        # setup nginx web server exception rule
        # "Nginx Full" is a ufw application profile that is not defined in this
        # file; presumably it is installed with the nginx package and covers
        # http and https - verify the profile exists on the target before this
        # task runs, otherwise the rule likely cannot be added
        - name: allow access of nginx webserver from everywhere
          ufw:
            rule: allow
            name: Nginx Full
    
        # set default deny rules
        # this task also enables ufw; the ssh and nginx rules above are already
        # in place at this point, so the ssh session used by ansible should
        # keep working once the default deny policy takes effect
        - name: deny any other incoming traffic by default
          ufw:
            state: enabled
            default: deny
            direction: incoming
        # set default allow rule for outgoing
        # FIXME: do it more granularly (only http/https)
        # NOTE(review): with unrestricted egress a compromised host can reach
        # any destination; narrowing this will also need rules for dns, ntp and
        # the package mirrors - verify what the hosts actually require
        - name: allow any outgoing traffic by default
          ufw:
            state: enabled
            default: allow
            direction: outgoing