# Make sure the ufw package is installed, using whichever package manager the
# target host provides. `present` installs it if missing.
- name: Install Uncomplicated Firewall
  ansible.builtin.package:
    state: present
    name: ufw

# UFW logging can fill up the kernel (dmesg) and message logs, so it is
# switched off here.
# NOTE(review): with logging off, ufw keeps no record of blocked or
# rate-limited connection attempts. If that record is needed for detection or
# incident response, the module's `low` level together with log rotation is
# the usual compromise.
- name: Disable logging
  community.general.ufw:
    # Quoted so YAML passes the string `off` rather than a boolean false.
    logging: 'off'

# Permit inbound SSH before the default-deny policy is enabled by the last
# task in this file, so the management connection is not cut off.
# NOTE(review): no source address is given, so the rule accepts SSH from
# anywhere. If the management network is known, `from_ip` can narrow it.
- name: Allow OpenSSH inbound
  community.general.ufw:
    # Application profile name; uses the standard profile located in
    # /etc/ufw/applications.d
    name: OpenSSH
    rule: allow

# Rate-limit new inbound SSH connections. ufw's `limit` rule denies a source
# address that has opened six or more connections in the last 30 seconds.
# NOTE(review): the previous task adds an unconditional allow for the OpenSSH
# profile, and ufw evaluates rules in order. Confirm with
# `ufw status numbered` that this limit rule is reached and not shadowed by
# that allow; if it is shadowed, the rate limit has no effect.
- name: Apply rate limiting to ssh inbound
  community.general.ufw:
    proto: tcp
    port: ssh
    rule: limit

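# Start the ufw service now and register it to start at boot.
- name: Enable ufw system service
  ansible.builtin.service:
    name: ufw
    state: started
    # Canonical YAML boolean; `yes` is only a boolean under YAML 1.1 rules.
    enabled: true
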
# This is necessary in addition to enabling the system service: the service
# unit being started does not by itself switch the firewall rules on.
# Kept as the last task so the SSH rules above exist before default-deny
# takes effect.
# NOTE(review): no `direction` is set; ufw is expected to apply a default
# policy to incoming traffic when the direction is omitted. Stating
# `direction: incoming` would make that explicit. Outgoing policy is left
# untouched by this task.
- name: Enable ufw rules
  community.general.ufw:
    policy: deny
    state: enabled