weareinteractive.ufw

Ansible weareinteractive.ufw Role


weareinteractive.ufw is an Ansible role that:

  • Installs UFW (Uncomplicated Firewall)
  • Configures UFW
  • Sets UFW rules
  • Configures the UFW service

Installation

To install using ansible-galaxy, run:

$ ansible-galaxy install weareinteractive.ufw

With requirements.yml, add the following:

- src: weareinteractive.ufw

Using git, run:

$ git clone https://github.com/weareinteractive/ansible-ufw.git weareinteractive.ufw

Dependencies

  • Ansible version 2.10 or higher

Variables

Here are the default variables for this role, found in defaults/main.yml:

---
# Start the UFW service and enable it on system boot
ufw_enabled: true

# List of packages to install
ufw_packages: ["ufw"]

# The name of the service
ufw_service: ufw

# List of UFW rules to apply
# Check the documentation: https://docs.ansible.com/ansible/latest/collections/community/general/ufw_module.html
ufw_rules:
  - rule: allow
    to_port: 22

# Manage the configuration file
ufw_manage_config: false

# UFW configuration settings
ufw_config:
  IPV6: "yes"
  DEFAULT_INPUT_POLICY: DROP
  DEFAULT_OUTPUT_POLICY: ACCEPT
  DEFAULT_FORWARD_POLICY: DROP
  DEFAULT_APPLICATION_POLICY: SKIP
  MANAGE_BUILTINS: "no"
  IPT_SYSCTL: /etc/ufw/sysctl.conf
  IPT_MODULES: ""

# Path to the configuration file
ufw_config_file: /etc/default/ufw

Handlers

These are the handlers defined in handlers/main.yml:

---

- name: reset ufw
  community.general.ufw:
    state: reset

- name: reload ufw
  community.general.ufw:
    state: reloaded
  when: ufw_enabled | bool

Usage

Here’s an example playbook:

# @see https://docs.ansible.com/ansible/latest/collections/community/general/ufw_module.html#examples
---

- hosts: all
  become: true
  roles:
    - weareinteractive.ufw
  vars:
    ufw_rules:
      # Set logging level
      - logging: "full"
      # Allow OpenSSH connections
      - rule: allow
        name: OpenSSH
      # Delete the OpenSSH rule added above (shows the delete syntax; no OpenSSH allow rule remains afterwards)
      - rule: allow
        name: OpenSSH
        delete: true
      # Allow all access to TCP port 80
      - rule: allow
        to_port: '80'
        proto: tcp
    # Manage the configuration file
    ufw_manage_config: true
    # UFW configuration settings
    ufw_config:
      IPV6: "yes"
      DEFAULT_INPUT_POLICY: DROP
      DEFAULT_OUTPUT_POLICY: ACCEPT
      DEFAULT_FORWARD_POLICY: DROP
      DEFAULT_APPLICATION_POLICY: SKIP
      MANAGE_BUILTINS: "no"
      IPT_SYSCTL: /etc/ufw/sysctl.conf
      IPT_MODULES: ""
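
A tighter rule set than the defaults above, as an added example that is not part of the role's README: SSH is rate limited and restricted to a management network instead of being allowed on port 22 from anywhere, and the default policies are written to the configuration file explicitly. It assumes the role forwards `from_ip` and `comment` to community.general.ufw in the same way as the keys shown above; 192.0.2.0/24 is a placeholder documentation range.

```yaml
---
# Added example, not from the role's README.
# Assumption: the role passes from_ip and comment through to
# community.general.ufw, as it does for rule, to_port and proto.
# 192.0.2.0/24 is a documentation range standing in for a management network.
- hosts: all
  become: true
  roles:
    - weareinteractive.ufw
  vars:
    ufw_rules:
      # Lower log volume than "full"
      - logging: "low"
      # SSH only from the management network, rate limited by ufw
      - rule: limit
        to_port: "22"
        proto: tcp
        from_ip: 192.0.2.0/24
        comment: "SSH from management network"
      # Public HTTPS
      - rule: allow
        to_port: "443"
        proto: tcp
        comment: "HTTPS"
    # Write the default policies to the configuration file instead of
    # relying on whatever the host already has
    ufw_manage_config: true
    ufw_config:
      IPV6: "yes"
      DEFAULT_INPUT_POLICY: DROP
      DEFAULT_OUTPUT_POLICY: ACCEPT
      DEFAULT_FORWARD_POLICY: DROP
      DEFAULT_APPLICATION_POLICY: SKIP
      MANAGE_BUILTINS: "no"
      IPT_SYSCTL: /etc/ufw/sysctl.conf
      IPT_MODULES: ""
```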

Testing

To test the role, run:

$ git clone https://github.com/weareinteractive/ansible-ufw.git
$ cd ansible-ufw
$ make test

Contributing

To contribute, please follow these steps:

  1. Fork the repository
  2. Create a new branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to your branch (git push origin my-new-feature)
  5. Create a new Pull Request

Note: To update the README.md file, install and run ansible-readme:

$ gem install ansible-readme
$ ansible-readme

License

Copyright (c) We Are Interactive under the MIT license.
