Install UWF (Uncomplicated Firewall) and create (or remove) rules.
Debian Bullseye / Bookworm with the package python-pycurl and python-software-properties installed.
Set the default policy:
ufw_default_policy:
- { direction: "incoming", policy: "deny" }
Add or remove rules:
ufw_rules_to_create: []
ufw_rules_to_delete: []
Both ufw_rules_to_create
and ufw_rules_to_delete
accept a list of dictionaries, like so:
ufw_rules_to_create:
- direction: in
from_ip: 1.2.3.4
from_port: 5678
interface: eth0
proto: tcp
rule: allow
to_ip: 5.6.7.8
to_port: 1234
- hosts: servers
roles:
- role: f500.ufw
ufw_rules_to_create:
- { to_port: 22 }
- { to_port: 80 }
- { to_port: 443 }
Copyright (C) 2017 Future500 B.V.
Jasper N. Brouwer, [email protected]
Ramon de la Fuente, [email protected]