change to ufw from firewalld

Torma Kristóf 2022-02-05 20:00:55 +01:00
parent 6cd64d6f29
commit 2677085a15
9 changed files with 55 additions and 29 deletions


@ -1,3 +1,4 @@
---
collections:
- ansible.posix
- ansible.posix
- community.general


@ -1,27 +0,0 @@
---
- name: "Install Docker via apt"
apt:
update_cache: yes
state: present
name:
- firewalld
- name: Start and enable firewalld
service:
name: firewalld
state: restarted
enabled: yes
- name: Permit traffic in public zone for https service
ansible.posix.firewalld:
zone: public
service: https
permanent: yes
state: enabled
- name: Permit traffic in public zone for ssh service
ansible.posix.firewalld:
zone: public
service: ssh
permanent: yes
state: enabled


@ -4,7 +4,7 @@
- include_tasks: clean-motd.yaml
- include_tasks: remove-snap.yaml
- include_tasks: disable-cloudinit.yaml
- include_tasks: firewalld.yaml
- include_tasks: ufw.yaml
- include_tasks: service-user.yaml
- include_tasks: ssh-security-settings.yaml
- include_tasks: timesync.yaml


@ -0,0 +1,20 @@
---
- name: "Install ufw via apt"
apt:
update_cache: yes
state: present
name:
- ufw
- name: Enable ufw
community.general.ufw:
state: enabled
- name: Reset ufw rules to default
community.general.ufw:
state: reset
- name: Allow ssh via ufw
community.general.ufw:
rule: allow
port: ssh
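Review bot: The task order in this new file appears to leave the host without an active firewall: `Enable ufw` runs first, then `state: reset`, which per the community.general.ufw documentation disables ufw and restores installation defaults, and nothing re-enables it after `Allow ssh via ufw`. Enabling before the ssh rule exists also risks cutting off the Ansible connection if the incoming default is deny. Reset first, add the ssh rule, and enable last with an explicit `default: deny` for incoming traffic, as below. Because the reset runs on every play, it also wipes rules added by other task files and always reports a change, so consider dropping it once hosts are converged.

```yaml
# … unchanged: "Install ufw via apt" task …
- name: Reset ufw rules to default
  community.general.ufw:
    state: reset
- name: Allow ssh via ufw
  community.general.ufw:
    rule: allow
    port: ssh
- name: Enable ufw with incoming traffic denied by default
  community.general.ufw:
    state: enabled
    default: deny
    direction: incoming
```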


@ -11,3 +11,9 @@
name: mariadb
state: restarted
enabled: yes
- name: Allow mysql port via ufw
community.general.ufw:
rule: allow
port: 3306
proto: tcp
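Review bot: The `Allow mysql port via ufw` task opens 3306/tcp to every source address, and `Allow postgresql port via ufw` in the next file does the same for 5432. Database listeners rarely need to be reachable from anywhere; restrict each rule to the application hosts with `from_ip: "{{ db_client_cidr }}"` (placeholder variable name), or drop the rule if the database is only used locally. Only the tail of each task file is in the hunk, so whether the server binds beyond localhost is not visible here.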


@ -11,3 +11,9 @@
name: postgresql
state: restarted
enabled: yes
- name: Allow postgresql port via ufw
community.general.ufw:
rule: allow
port: 5432
proto: tcp


@ -25,3 +25,8 @@
name: postfix
state: restarted
enabled: yes
- name: Allow smtp port via ufw
community.general.ufw:
rule: allow
port: smtp
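Review bot: `Allow smtp port via ufw` sets no `proto`, unlike the database rules in this commit, which pin `proto: tcp`; the same applies to the http and https rules in the two apache task files. Adding `proto: tcp` to each keeps the rules consistent and explicit, and avoids opening UDP should the module pass no protocol restriction to ufw.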


@ -13,3 +13,13 @@
name: apache2
state: restarted
enabled: yes
- name: Allow http port via ufw
community.general.ufw:
rule: allow
port: http
- name: Allow https port via ufw
community.general.ufw:
rule: allow
port: https


@ -21,3 +21,8 @@
name: apache2
state: restarted
enabled: yes
- name: Allow https port via ufw
community.general.ufw:
rule: allow
port: https