vps-set-up-playbook/roles/vps-ufw/tasks/main.yaml
2024-10-29 19:50:47 +08:00


# Ensure the ufw package is installed and at the newest version apt
# offers, without pulling in its recommended packages.
- name: Install UFW
  ansible.builtin.apt:
    install_recommends: false
    state: latest
    name: ufw
# ----------------------------------------------------------------------------------------------------
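# Render the role's baseline IPv4 and IPv6 rule files into /etc/ufw.
# They are owned by root and not world-readable; the enable/reload
# tasks later in this file make UFW pick them up.
- name: Copy user.rules
  ansible.builtin.template:
    src: user.rules.j2
    dest: /etc/ufw/user.rules
    owner: root
    group: root
    # Quoted so the mode reaches the module as the string "0640" and
    # does not depend on how the YAML parser treats a leading zero.
    mode: "0640"

- name: Copy user6.rules
  ansible.builtin.template:
    src: user6.rules.j2
    dest: /etc/ufw/user6.rules
    owner: root
    group: root
    mode: "0640"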
# ----------------------------------------------------------------------------------------------------
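# Optional per-host overrides: if the role ships a template named after
# the inventory host, it replaces the baseline rule file written above.
#
# with_first_found + skip: true turns "no such template" into a clean
# skip. The previous ignore_errors/no_log pair also hid every other
# failure (render error, permission problem), which would leave the
# baseline rules in place unnoticed; those failures now stop the play
# with a readable message.
# with_first_found (rather than loop + query) is used so the lookup
# searches the role's templates/ directory for a template task.
- name: Copy user.rules (node-specific)
  ansible.builtin.template:
    src: "{{ item }}"
    dest: /etc/ufw/user.rules
    owner: root
    group: root
    mode: "0640"
  with_first_found:
    - files:
        - "{{ inventory_hostname }}.user.rules.j2"
      skip: true

- name: Copy user6.rules (node-specific)
  ansible.builtin.template:
    src: "{{ item }}"
    dest: /etc/ufw/user6.rules
    owner: root
    group: root
    mode: "0640"
  with_first_found:
    - files:
        - "{{ inventory_hostname }}.user6.rules.j2"
      skip: true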
# ----------------------------------------------------------------------------------------------------
# Default policies: drop forwarded and inbound traffic, permit outbound.
# NOTE(review): with inbound denied by default, the rule templates must
# allow the management port (e.g. SSH) before UFW is enabled; confirm
# in user.rules.j2, which is not visible here.
- name: UFW default deny routed
  community.general.ufw:
    direction: routed
    default: deny

- name: UFW default deny incoming
  community.general.ufw:
    direction: incoming
    default: deny

- name: UFW default allow outgoing
  community.general.ufw:
    direction: outgoing
    default: allow
# ----------------------------------------------------------------------------------------------------
# Turn the firewall on, then reload it so the rule files copied
# earlier in this play are applied even if UFW was already running.
- name: UFW enable
  community.general.ufw:
    state: enabled

- name: UFW reload
  community.general.ufw:
    state: reloaded