Add step to enable ufw rules

Mike Wilson
2025-09-05 16:09:28 -04:00
parent 874c759f85
commit 458506e798


@@ -3,6 +3,11 @@
name: ufw name: ufw
state: present state: present
# UFW logging can full up the kernel (dmesg) and message logs
- name: Disable logging
community.general.ufw:
logging: 'off'
- name: Allow OpenSSH inbound - name: Allow OpenSSH inbound
community.general.ufw: community.general.ufw:
rule: allow rule: allow
@@ -14,8 +19,14 @@
port: ssh port: ssh
proto: tcp proto: tcp
- name: Enable ufw - name: Enable ufw system service
ansible.builtin.service: ansible.builtin.service:
name: ufw name: ufw
state: started state: started
enabled: yes enabled: yes
# This is necessary in addition to enabling the system service
- name: Enable ufw rules
community.general.ufw:
state: enabled
policy: deny
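Review bot: The new "Disable logging" task in the first hunk sets `logging: 'off'`, which removes the host's record of blocked connections just as the second hunk puts the default deny policy into force, so scans and repeated connection attempts against this host leave no firewall trace for detection or incident response. If log volume is the concern, `logging: 'low'` keeps rate-limited entries for blocked packets, and the syslog configuration can route the UFW-prefixed lines to their own rotated file so they stay out of the general message logs. If logging does stay off, the comment should record that as a deliberate trade-off, for example `# Logging disabled to keep dmesg/syslog usable; blocked traffic is not recorded on this host`. The existing comment also has a typo: "full up" should read "fill up".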