Add UFW firewall for debian based distro
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed

This commit is contained in:
Ada 2024-04-17 11:19:14 +02:00
parent b7c5c87319
commit 46bbe11161
Signed by: ada
GPG key ID: 6A7F898157C6DE6E
4 changed files with 29 additions and 2 deletions

View file

@ -10,7 +10,9 @@
- journald - journald
- sshd - sshd
- role: timesyncd - role: timesyncd
when: ansible_facts['os_family'] == "Ubuntu" when: ansible_facts['os_family'] == "Debian"
- role: ufw
when: ansible_facts['os_family'] == "Debian"
- name: Resolver - name: Resolver
hosts: resolver hosts: resolver

View file

@ -10,7 +10,9 @@
- journald - journald
- sshd - sshd
- role: timesyncd - role: timesyncd
when: ansible_facts['os_family'] == "Ubuntu" when: ansible_facts['os_family'] == "Debian"
- role: ufw
when: ansible_facts['os_family'] == "Debian"
post_tasks: post_tasks:
- name: Clean cloud-init - name: Clean cloud-init
ansible.builtin.command: cloud-init clean ansible.builtin.command: cloud-init clean

View file

@ -19,3 +19,12 @@
mode: "0644" mode: "0644"
notify: notify:
- Restart knot resolver - Restart knot resolver
- name: Allow port 53 (DNS)
community.general.ufw:
rule: allow
port: "{{ item.port }}"
proto: "{{ item.proto }}"
with_items:
- { port: "53", proto: "tcp" }
- { port: "53", proto: "udp" }

View file

@ -0,0 +1,14 @@
---
- name: Install UFW
ansible.builtin.apt:
name: ufw
- name: Allow 22/tcp (SSH)
community.general.ufw:
rule: allow
port: "22"
proto: tcp
- name: Enable UFW
community.general.ufw:
state: enabled