This role installs and configures a host firewall. It supports ufw and firewalld: on Ubuntu the ufw service is used, and on RHEL/CentOS 7 or later the firewalld module is used to configure the firewall.
Firewall | Collection |
---|---|
firewalld | ansible.posix.firewalld |
ufw | community.general.ufw |
These variables apply to all firewall types:
firewalld specific variables:

Name | Default Value | Description |
---|---|---|
firewalld_default_zone | public | Default zone. |
firewalld_zone_interfaces | [] | Interfaces bound to the zone. |
firewalld_allowed_tcp_ports | ['22'] | List of allowed TCP ports. |
firewalld_allowed_udp_ports | ['161'] | List of allowed UDP ports. |
firewalld_nat_rules | [] | List of ports and their protocols to NAT (port forwarding). With firewalld, adds rich rules to the specified zone. |
firewalld_rich_rules | [] | Specify a source IP and destination port instead of opening the port globally. Optionally allow it only if the connection is new. With firewalld, this creates rich rules in the specified zone. |
firewalld_rules | [] | List of rules to pass to the firewalld module. Each module argument is optional. |
ufw specific variables:

Name | Default Value | Description |
---|---|---|
ufw_logging | off | UFW logging on or off. |
ufw_rules | [] | UFW rules. |
```yaml
- hosts: all
  roles:
    - role: asapdotid.firewall
```
Place the variables in vars/main.yml of your project:
```yaml
firewalld_allowed_tcp_ports:
  - 22
  - 80
  - 443
firewalld_allowed_udp_ports:
  - 123
  - 67
firewalld_nat_rules:
  - protocol: tcp
    original_port: 4022
    translated_port: 22
firewalld_rich_rules:
  - source: "10.0.1.17"
    protocol: "tcp"
    dest_port: 22
    new: true
  - source: "192.168.0.0/24"
    protocol: "tcp"
    dest_port: 22
firewalld_rules:
  - service: "ssh"
    immediate: "yes"
    zone: "public"
ufw_logging: "off"
ufw_rules:
  - rule: "allow"
    to_port: "ssh"
    proto: "tcp"
    comment: "allow incoming connection on standard ssh port"
  # Delete rule
  - rule: "allow"
    to_port: "http"
    proto: "tcp"
    comment: "allow incoming connection on standard http port"
    delete: true
```
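Before applying the role it helps to see which firewall-cmd and ufw commands the variables above imply, and which ports end up reachable from any source rather than from a restricted source address. The following Python helper is an added example, not part of the asapdotid.firewall role; it assumes the role maps the variables to the standard firewall-cmd and ufw command-line forms shown here (the `new` flag of a rich rule has no direct rich-rule equivalent and is left to the role's own handling), and it embeds a constructed copy of the README's example variables as input.

```python
"""Preview the firewall-cmd / ufw commands implied by the role's variables.

Added example, not code from the asapdotid.firewall role. The mapping from
variable to command is an assumption; compare it with the role's tasks.
"""
import shlex

# Constructed sample input mirroring the README's example vars/main.yml.
SAMPLE_VARS = {
    "firewalld_default_zone": "public",
    "firewalld_allowed_tcp_ports": [22, 80, 443],
    "firewalld_allowed_udp_ports": [123, 67],
    "firewalld_nat_rules": [
        {"protocol": "tcp", "original_port": 4022, "translated_port": 22},
    ],
    "firewalld_rich_rules": [
        {"source": "10.0.1.17", "protocol": "tcp", "dest_port": 22, "new": True},
        {"source": "192.168.0.0/24", "protocol": "tcp", "dest_port": 22},
    ],
    "ufw_logging": "off",
    "ufw_rules": [
        {"rule": "allow", "to_port": "ssh", "proto": "tcp",
         "comment": "allow incoming connection on standard ssh port"},
        {"rule": "allow", "to_port": "http", "proto": "tcp",
         "comment": "allow incoming connection on standard http port",
         "delete": True},
    ],
}


def rich_rule(r):
    """Render one firewalld_rich_rules entry as a firewalld rich rule string.

    Only the source-restricted accept form is rendered; the optional `new`
    flag is not expressible in the rich rule language and is ignored here.
    """
    family = "ipv6" if ":" in r["source"] else "ipv4"
    return (f'rule family="{family}" source address="{r["source"]}" '
            f'port port="{r["dest_port"]}" protocol="{r["protocol"]}" accept')


def firewalld_commands(v):
    """Return the permanent firewall-cmd invocations implied by the variables."""
    zone = v.get("firewalld_default_zone", "public")
    base = ["firewall-cmd", "--permanent", f"--zone={zone}"]
    cmds = []
    for p in v.get("firewalld_allowed_tcp_ports", []):
        cmds.append(base + [f"--add-port={p}/tcp"])
    for p in v.get("firewalld_allowed_udp_ports", []):
        cmds.append(base + [f"--add-port={p}/udp"])
    for n in v.get("firewalld_nat_rules", []):
        # Port forwarding: original_port is exposed, traffic lands on translated_port.
        cmds.append(base + [f"--add-forward-port=port={n['original_port']}"
                            f":proto={n['protocol']}:toport={n['translated_port']}"])
    for r in v.get("firewalld_rich_rules", []):
        cmds.append(base + [f"--add-rich-rule={rich_rule(r)}"])
    return [shlex.join(c) for c in cmds]


def ufw_commands(v):
    """Return the ufw invocations implied by ufw_logging and ufw_rules."""
    cmds = [["ufw", "logging", v.get("ufw_logging", "off")]]
    for r in v.get("ufw_rules", []):
        c = ["ufw"]
        if r.get("delete"):          # `delete: true` removes the matching rule
            c.append("delete")
        c.append(r["rule"])
        if r.get("proto"):
            c += ["proto", r["proto"]]
        if r.get("to_port"):
            c += ["to", "any", "port", str(r["to_port"])]
        if r.get("comment"):
            c += ["comment", r["comment"]]
        cmds.append(c)
    return [shlex.join(c) for c in cmds]


def globally_open_ports(v):
    """Ports reachable from any source: allowed_*_ports plus NAT entry ports.

    Rich rules are excluded because they carry a source restriction.
    """
    ports = {f"{p}/tcp" for p in v.get("firewalld_allowed_tcp_ports", [])}
    ports |= {f"{p}/udp" for p in v.get("firewalld_allowed_udp_ports", [])}
    ports |= {f"{n['original_port']}/{n['protocol']}"
              for n in v.get("firewalld_nat_rules", [])}
    return sorted(ports)


if __name__ == "__main__":
    for line in firewalld_commands(SAMPLE_VARS) + ufw_commands(SAMPLE_VARS):
        print(line)
    print("open to any source:", ", ".join(globally_open_ports(SAMPLE_VARS)))
```

Run it against a copy of your vars file (load it with a YAML parser in place of `SAMPLE_VARS`) and review the `open to any source` line: anything there that should be limited to known clients belongs in `firewalld_rich_rules` with a `source`, not in the `*_allowed_*_ports` lists.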
MIT / BSD