Codestin Search App

ufw

Set up ufw in Debian-like systems.

Requirements

None

Variables

ufw_default_incoming_policy [default: deny]: Default (incoming) policy
ufw_default_outgoing_policy [default: allow]: Default (outgoing) policy
ufw_logging [default: off]: Log level
ufw_rules [default: see defaults/main.yml]: Rules to apply
ufw_etc_default_ipv6 [default: true]: Set to yes to apply rules to support IPv6
ufw_etc_default_default_input_policy [default: DROP]: Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if you change this you will most likely want to adjust your rules
ufw_etc_default_default_output_policy [default: ACCEPT]: Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if you change this you will most likely want to adjust your rules
ufw_etc_default_default_forward_policy [default: DROP]: Set the default forward policy to ACCEPT, DROP or REJECT. Please note that if you change this you will most likely want to adjust your rules
ufw_etc_default_default_application_policy [default: SKIP]: Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please note that setting this to ACCEPT may be a security risk
ufw_etc_default_manage_builtins [default: false]: By default, ufw only touches its own chains. Set this to 'yes' to have ufw manage the built-in chains too. Warning: setting this to 'yes' will break non-ufw managed firewall rules
ufw_etc_default_ipt_sysctl [default: /etc/ufw/sysctl.conf]: IPT backend, only enable if using iptables backend
ufw_etc_default_ipt_modules [default: [nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_netbios_ns]]: Extra connection tracking modules to load. Complete list can be found in net/netfilter/Kconfig of your kernel source

Dependencies

None

Example

---
- hosts: all
  roles:
    - oefenweb.ufw

Allow ssh

- hosts: all
  roles:
    - oefenweb.ufw
  vars:
    ufw_rules:
      - rule: allow
        to_port: 22
        protocol: tcp
        comment: 'allow incoming connection on standard ssh port'

Allow all traffic on eth1

- hosts: all
  roles:
    - oefenweb.ufw
  vars:
    ufw_rules:
      - rule: allow
        interface: eth1
        to_port: ''
        comment: 'allow all traffic on interface eth1'

Allow snmp traffic from 1.2.3.4 on eth0

- hosts: all
  roles:
    - oefenweb.ufw
  vars:
    ufw_rules:
      - rule: allow
        interface: eth0
        from_ip: 1.2.3.4
        to_port: 161
        protocol: udp

License

MIT

Author Information

Mischa ter Smitten (based on work of weareinteractive)

Feedback, bug-reports, requests, ...

Are welcome!

Name		Name	Last commit message	Last commit date
Latest commit History 156 Commits
.github/workflows		.github/workflows
defaults		defaults
files		files
handlers		handlers
meta		meta
molecule/default		molecule/default
tasks		tasks
templates/etc		templates/etc
tests		tests
vars		vars
.ansible-lint		.ansible-lint
.gitignore		.gitignore
.yamllint		.yamllint
Dockerfile		Dockerfile
LICENSE.txt		LICENSE.txt
README.md		README.md
Vagrantfile		Vagrantfile
requirements.yml		requirements.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

ufw

Requirements

Variables

Dependencies

Example

Allow ssh

Allow all traffic on eth1

Allow snmp traffic from 1.2.3.4 on eth0

License

Author Information

Feedback, bug-reports, requests, ...

About

Uh oh!

Releases 16

Packages

Uh oh!

Contributors 6

Uh oh!

Languages

License

Oefenweb/ansible-ufw

Folders and files

Latest commit

History

Repository files navigation

ufw

Requirements

Variables

Dependencies

Example

Allow ssh

Allow all traffic on eth1

Allow snmp traffic from 1.2.3.4 on eth0

License

Author Information

Feedback, bug-reports, requests, ...

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 16

Packages 0

Uh oh!

Contributors 6

Uh oh!

Languages

Packages