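- name: Install UFW
  # ansible.builtin FQCN, matching the community.general.ufw FQCN used by the
  # other tasks in this file.
  ansible.builtin.apt:
    name:
      - ufw
    # latest re-upgrades the package on every run where a newer build is
    # available; switch to present if the firewall package should be left alone
    # once installed.
    state: latest
    # do not pull in recommended packages alongside ufw
    install_recommends: false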
# ----------------------------------------------------------------------------------------------------
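- name: UFW allow {{ wireguard_port }} UDP for Wireguard
  community.general.ufw:
    rule: allow
    # The VPN endpoint is intentionally reachable from any source. 0.0.0.0/0 is
    # an IPv4-only match; `any` would also cover IPv6 peers — confirm which is
    # intended.
    src: 0.0.0.0/0
    dest: any
    proto: udp
    # quoted: a plain value that starts with "{{" is read by the YAML parser as a
    # flow mapping before Ansible templates it, which fails to load
    port: "{{ wireguard_port }}"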
# ----------------------------------------------------------------------------------------------------
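- name: UFW allow {{ ssh_port }} TCP
  community.general.ufw:
    rule: allow
    # SSH is only accepted from the WireGuard mesh; once ufw is enabled below,
    # new control connections must arrive over the mesh. Assumes
    # wireguard_mesh_subnet holds a bare network address without a prefix —
    # confirm against the variable definition. Quoted so YAML does not parse the
    # leading "{{" as a flow mapping.
    src: "{{ wireguard_mesh_subnet }}/16"
    dest: any
    proto: tcp
    port: "{{ ssh_port }}"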
# ----------------------------------------------------------------------------------------------------
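- name: UFW allow 8870 from {{ oracle_ipv4_cidr_block }}/16 TCP for Socks Proxy
  community.general.ufw:
    rule: allow
    # quoted so YAML does not parse the leading "{{" as a flow mapping; assumes
    # oracle_ipv4_cidr_block is a bare network address without a prefix — confirm
    src: "{{ oracle_ipv4_cidr_block }}/16"
    dest: any
    proto: tcp
    port: 8870
  # only hosts in the oracle inventory group expose the proxy to that block
  when:
    - inventory_hostname in groups["oracle"]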
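- name: UFW allow 8870 from {{ wireguard_mesh_subnet }}/16 TCP for Socks Proxy
  community.general.ufw:
    rule: allow
    # proxy reachable from the WireGuard mesh on every host; quoted so YAML does
    # not parse the leading "{{" as a flow mapping
    src: "{{ wireguard_mesh_subnet }}/16"
    dest: any
    proto: tcp
    port: 8870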
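- name: UFW allow NFS TCP
  community.general.ufw:
    rule: allow
    # NFS is only exposed inside the mesh; quoted so YAML does not parse the
    # leading "{{" as a flow mapping
    src: "{{ wireguard_mesh_subnet }}/16"
    dest: any
    proto: tcp
    # 2049 alone covers NFSv4; NFSv3 would additionally need rpcbind/mountd ports
    port: 2049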
# ----------------------------------------------------------------------------------------------------
- name: UFW allow 80 TCP
  community.general.ufw:
    rule: allow
    proto: tcp
    port: 80
    # open to any source — presumably oracle4 is the host that serves HTTP publicly
    src: any
    dest: any
  when:
    - inventory_hostname == 'oracle4'
- name: UFW allow 443 TCP
  community.general.ufw:
    rule: allow
    proto: tcp
    port: 443
    # open to any source — presumably oracle4 is the host that serves HTTPS publicly
    src: any
    dest: any
  when:
    - inventory_hostname == 'oracle4'
- name: UFW allow 443 UDP
  community.general.ufw:
    rule: allow
    proto: udp
    port: 443
    # UDP 443 alongside TCP 443, from any source, on the same public host
    src: any
    dest: any
  when:
    - inventory_hostname == 'oracle4'
# ----------------------------------------------------------------------------------------------------
- name: UFW default deny routed
  # Forwarded traffic is dropped unless a route rule allows it. If this host is
  # expected to forward traffic for mesh peers, an explicit route rule is needed
  # — confirm against the WireGuard setup.
  community.general.ufw:
    direction: routed
    default: deny
- name: UFW default deny incoming
  # Inbound default-deny: only the allow rules above admit new connections.
  community.general.ufw:
    direction: incoming
    default: deny
- name: UFW default allow outgoing
  # Outbound traffic is unrestricted.
  community.general.ufw:
    direction: outgoing
    default: allow
# ----------------------------------------------------------------------------------------------------
- name: UFW enable
  # Kept as the last task so every allow rule and default policy above is in
  # place before the firewall starts enforcing. The module also accepts a
  # `logging` option if denied packets should be recorded in syslog for
  # monitoring.
  community.general.ufw:
    state: "enabled"