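---
# Host firewall for the WireGuard mesh: install UFW, add the allow rules,
# then set the default policies and enable. The enable task is last, so on
# a fresh install every rule below is in place before enforcement starts.
- name: Install UFW
  # Fully qualified name, consistent with the community.general.ufw tasks below.
  ansible.builtin.apt:
    name:
      - ufw
    # "latest" upgrades the package on every run, so this task is not
    # idempotent; use "present" if unplanned upgrades of ufw are unwanted.
    state: latest
    install_recommends: false

# ----------------------------------------------------------------------------------------------------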
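- name: UFW allow {{ wireguard_port }} UDP for Wireguard
  community.general.ufw:
    rule: allow
    # 0.0.0.0/0 matches IPv4 sources only (unlike "any", which also covers
    # IPv6); intentional if the tunnel endpoint is IPv4-only.
    src: 0.0.0.0/0
    dest: any
    proto: udp
    # Quoted: a plain value starting with "{{" is read by YAML as a flow
    # mapping before Jinja ever sees it.
    port: "{{ wireguard_port }}"

# ----------------------------------------------------------------------------------------------------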
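- name: UFW allow {{ ssh_port }} TCP
  community.general.ufw:
    rule: allow
    # SSH is reachable only from inside the WireGuard mesh; this task file
    # has no public SSH rule, so a broken tunnel also means no remote shell.
    # Quoted: a plain value starting with "{{" is a YAML flow mapping.
    # Presumably wireguard_mesh_subnet is a bare network address, since
    # "/16" is appended here — confirm against the inventory.
    src: "{{ wireguard_mesh_subnet }}/16"
    dest: any
    proto: tcp
    port: "{{ ssh_port }}"

# ----------------------------------------------------------------------------------------------------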
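- name: UFW allow 8870 from {{ oracle_ipv4_cidr_block }}/16 TCP for Socks Proxy
  community.general.ufw:
    rule: allow
    # Quoted: a plain value starting with "{{" is a YAML flow mapping.
    # Presumably oracle_ipv4_cidr_block holds a bare network address, since
    # "/16" is appended here despite the "cidr_block" name — confirm.
    src: "{{ oracle_ipv4_cidr_block }}/16"
    dest: any
    proto: tcp
    port: 8870
  # Only hosts in the "oracle" group accept the proxy port from this range.
  when:
    - inventory_hostname in groups["oracle"]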
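- name: UFW allow 8870 from {{ wireguard_mesh_subnet }}/16 TCP for Socks Proxy
  community.general.ufw:
    rule: allow
    # Quoted: a plain value starting with "{{" is a YAML flow mapping.
    # Unconditional (unlike the oracle-range rule above): every host opens
    # the proxy port to the whole mesh.
    src: "{{ wireguard_mesh_subnet }}/16"
    dest: any
    proto: tcp
    port: 8870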
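- name: UFW allow NFS TCP
  community.general.ufw:
    rule: allow
    # Quoted: a plain value starting with "{{" is a YAML flow mapping.
    # Mesh-only, like SSH above.
    src: "{{ wireguard_mesh_subnet }}/16"
    dest: any
    proto: tcp
    # 2049/tcp alone is enough for NFSv4; NFSv3 would also need the
    # rpcbind/mountd ports, which are not opened here.
    port: 2049

# ----------------------------------------------------------------------------------------------------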
# Public web ingress, limited to a single hard-coded host. If more hosts
# ever serve web traffic, a group condition (as used for "oracle" above)
# would be easier to maintain than the literal hostname.
- name: UFW allow 80 TCP
  community.general.ufw:
    rule: allow
    proto: tcp
    port: 80
    src: any
    dest: any
  when:
    - inventory_hostname == 'oracle4'
# Public HTTPS ingress on the same host as the port-80 rule.
- name: UFW allow 443 TCP
  community.general.ufw:
    rule: allow
    proto: tcp
    port: 443
    src: any
    dest: any
  when:
    - inventory_hostname == 'oracle4'
# 443/udp alongside 443/tcp — presumably for HTTP/3 (QUIC); confirm the
# service on oracle4 actually listens on UDP before keeping this open.
- name: UFW allow 443 UDP
  community.general.ufw:
    rule: allow
    proto: udp
    port: 443
    src: any
    dest: any
  when:
    - inventory_hostname == 'oracle4'

# ----------------------------------------------------------------------------------------------------
# Forwarded traffic is dropped unless an explicit route rule allows it.
# If this host is meant to relay between WireGuard peers, matching
# "route: true" allow rules are needed; none are defined in this file.
- name: UFW default deny routed
  community.general.ufw:
    direction: routed
    default: deny
# Deny-by-default inbound; only the allow rules above remain reachable.
- name: UFW default deny incoming
  community.general.ufw:
    direction: incoming
    default: deny
# Egress is unrestricted; tighten here if outbound filtering is ever wanted.
- name: UFW default allow outgoing
  community.general.ufw:
    direction: outgoing
    default: allow

# ----------------------------------------------------------------------------------------------------
# Deliberately last: every allow rule and default policy above is already
# recorded when the firewall starts enforcing.
- name: UFW enable
  community.general.ufw:
    state: enabled