A basic role to install ufw and rules indicated in the defaults folder.
The role needs the variables set correctly on a separate file indicating the port, name, interface and optional from * to IP addresses. Please see example in Role Variables
below.
fw_direction: in
fw_rule: allow
fw_proto: tcp
based on the defaults above, the firewall rule in sample01.yml
indicated below will allow tcp in via port 22 or if the ip corresponds with the values below.
sample01.yml
fw:
sample01:
- { port: 22, name: sample01 | Allow port 22 }
- { from_ip 192.128.128.24, to_ip: 192.128.128.25, name: sample01 | Allow from and to IP }
Rule sample02.yml
on the other hand, allows incoming tcp connection via port 44
sample02.yml
fw:
sample02:
- { port: 44, name: sample02 | Allow port 44 }
Note that the key for the rule values should correspond to the filename; ie. sample01
<--> sample01.yml
- hosts: server1
roles:
- { role: firewall, vars: { fw_list: [sample01] } }
- hosts: server2
roles:
- { role: firewall, vars: { fw_list: [sample01, sample02] } }