change to ufw from firewalld
parent
6cd64d6f29
commit
2677085a15
@ -1,3 +1,4 @@
|
||||
---
|
||||
collections:
|
||||
- ansible.posix
|
||||
- ansible.posix
|
||||
- community.general
|
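Review bot: The collections list is unpinned, so `community.general`, which after this commit supplies the module that manages the host firewall, resolves to whatever release is newest when the requirements are installed. Pinning it in the mapping form, `- name: community.general` with `version: "<PINNED_VERSION>"`, keeps firewall behaviour reproducible across runs and limits exposure to an unexpected upstream change. The same applies to `ansible.posix`, which appears twice in this hunk, presumably as the old and new side of a whitespace-only change.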
@ -1,27 +0,0 @@
|
||||
---
|
||||
- name: "Install Docker via apt"
|
||||
apt:
|
||||
update_cache: yes
|
||||
state: present
|
||||
name:
|
||||
- firewalld
|
||||
|
||||
- name: Start and enable firewalld
|
||||
service:
|
||||
name: firewalld
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: Permit traffic in public zone for https service
|
||||
ansible.posix.firewalld:
|
||||
zone: public
|
||||
service: https
|
||||
permanent: yes
|
||||
state: enabled
|
||||
|
||||
- name: Permit traffic in public zone for ssh service
|
||||
ansible.posix.firewalld:
|
||||
zone: public
|
||||
service: ssh
|
||||
permanent: yes
|
||||
state: enabled
|
@ -4,7 +4,7 @@
|
||||
- include_tasks: clean-motd.yaml
|
||||
- include_tasks: remove-snap.yaml
|
||||
- include_tasks: disable-cloudinit.yaml
|
||||
- include_tasks: firewalld.yaml
|
||||
- include_tasks: ufw.yaml
|
||||
- include_tasks: service-user.yaml
|
||||
- include_tasks: ssh-security-settings.yaml
|
||||
- include_tasks: timesync.yaml
|
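--- a/roles/common/tasks/ufw.yaml
+++ b/roles/common/tasks/ufw.yaml
@@ -0,0 +1,20 @@
+---
+- name: "Install ufw via apt"
+apt:
+update_cache: yes
+state: present
+name:
+- ufw
+
+- name: Enable ufw
+community.general.ufw:
+state: enabled
+
+- name: Reset ufw rules to default
+community.general.ufw:
+state: reset
+
+- name: Allow ssh via ufw
+community.general.ufw:
+rule: allow
+port: ssh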
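Review bot: The task order in this new file leaves the host without an active firewall: per the community.general.ufw documentation `state: reset` disables ufw and restores installation defaults, and it runs after `Enable ufw`, so nothing re-enables ufw once the ssh rule is added. Enabling before the ssh allow rule also risks cutting off the Ansible connection on a host whose default inbound policy is deny. I would reset first, add the ssh rule, and enable last with an explicit default-deny inbound policy, as below. Because the reset runs on every play it also drops the rules that the database, mail and web tasks add, so it may be better guarded or removed; hosts already provisioned with firewalld presumably still have it installed and enabled, since the commit only deletes its tasks.

```yaml
# … unchanged: "Install ufw via apt" task …

- name: Reset ufw rules to default
  community.general.ufw:
    state: reset

- name: Allow ssh via ufw
  community.general.ufw:
    rule: allow
    port: ssh

- name: Enable ufw with default-deny inbound
  community.general.ufw:
    state: enabled
    policy: deny
    direction: incoming
```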
@ -11,3 +11,9 @@
|
||||
name: mariadb
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: Allow mysql port via ufw
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: 3306
|
||||
proto: tcp
|
||||
|
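Review bot: `Allow mysql port via ufw` opens 3306/tcp to every source address because the rule carries no source restriction, and the `Allow postgresql port via ufw` task in the next hunk does the same for 5432/tcp. Database listeners are rarely meant to be reachable from the whole network, so I would scope both rules with the module's `from_ip` option, e.g. `from_ip: "{{ db_client_cidr }}"` (the variable name is a placeholder; the page does not show one defined). If the databases only serve applications on the same host, the allow rules can be dropped entirely.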
@ -11,3 +11,9 @@
|
||||
name: postgresql
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: Allow postgresql port via ufw
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: 5432
|
||||
proto: tcp
|
||||
|
@ -25,3 +25,8 @@
|
||||
name: postfix
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: Allow smtp port via ufw
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: smtp
|
@ -13,3 +13,13 @@
|
||||
name: apache2
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: Allow http port via ufw
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: http
|
||||
|
||||
- name: Allow https port via ufw
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: https
|
||||
|
@ -21,3 +21,8 @@
|
||||
name: apache2
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: Allow https port via ufw
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: https
|
||||
|