31 lines
525 B
YAML
31 lines
525 B
YAML
---
|
|
|
|
- name: install base packages
|
|
apt:
|
|
name: ufw
|
|
state: present
|
|
update_cache: true
|
|
|
|
- name: deny all incoming traffic
|
|
ufw:
|
|
policy: deny
|
|
direction: incoming
|
|
|
|
- name: allow all outgoing traffic
|
|
ufw:
|
|
policy: allow
|
|
direction: outgoing
|
|
|
|
- name: incoming rules
|
|
ufw:
|
|
rule: allow
|
|
direction: in
|
|
to_port: "{{ item.port if 'port' in item else item }}"
|
|
proto: "{{ item.proto if 'proto' in item else 'tcp' }}"
|
|
loop: "{{ ufw_allow }}"
|
|
|
|
|
|
- name: enable ufw
|
|
ufw:
|
|
state: enabled
|