UFW-Firewall

Ansible role that configures the UFW firewall.

Port ranges must be quoted (so YAML reads the colon-separated value as a string) and the protocol must be given explicitly, because UFW rejects a port range without a protocol:

     -  rule: allow
        port: "666:700"
        source: 2.2.2.2
        protocol: tcp
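As an added pre-flight check (not part of this role), the following validator enforces the rule format described above before a play runs: ranges must be quoted strings with an explicit protocol, single ports must be in range, and the source must be a valid address or CIDR. The accepted actions (allow, deny, reject) and protocols (tcp, udp) are assumed from this README's examples; the sample rules in the test are constructed from them.

```python
import ipaddress

# Actions and protocols assumed from this README's examples; the role may accept more.
VALID_ACTIONS = {"allow", "deny", "reject"}
VALID_PROTOCOLS = {"tcp", "udp"}

def _port_problems(port, proto):
    """Check a single port (int) or a quoted "low:high" range (str)."""
    if port is None or isinstance(port, bool):
        return ["port is required"]
    if isinstance(port, int):
        return [] if 1 <= port <= 65535 else [f"port {port} out of range 1-65535"]
    if isinstance(port, str) and ":" in port:
        # A range only reaches us as a str when it was quoted in YAML, and ufw
        # refuses a multi-port rule that does not name tcp or udp explicitly.
        low, _, high = port.partition(":")
        found = []
        if not (low.isdigit() and high.isdigit()) or not 1 <= int(low) < int(high) <= 65535:
            found.append(f"malformed port range {port!r}")
        if proto is None:
            found.append(f"port range {port!r} requires an explicit protocol (tcp or udp)")
        return found
    if isinstance(port, str) and port.isdigit() and 1 <= int(port) <= 65535:
        return []  # a single port written as a string is fine
    return [f"unrecognised port value {port!r}"]

def validate_rule(rule):
    """Return the list of problems in one ufw_rules entry; an empty list means OK."""
    problems = []
    action = rule.get("rule")
    if action not in VALID_ACTIONS:
        problems.append(f"rule must be one of {sorted(VALID_ACTIONS)}, got {action!r}")
    proto = rule.get("protocol")
    if proto is not None and proto not in VALID_PROTOCOLS:
        problems.append(f"protocol must be tcp or udp, got {proto!r}")
    problems += _port_problems(rule.get("port"), proto)
    source = rule.get("source")
    if source is not None:
        try:
            ipaddress.ip_network(source, strict=False)
        except ValueError:
            problems.append(f"source {source!r} is not a valid IP address or CIDR")
    return problems

def validate_rules(rules):
    """Map the index of each invalid entry to its problems; {} means all rules pass."""
    return {i: p for i, r in enumerate(rules) if (p := validate_rule(r))}
```

Run it over the `ufw_rules` list loaded from your group or host vars; any non-empty result points at an entry the ufw module or UFW itself would reject.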

Requirements

Role Variables

| Variable | Required | Default | Choices | Comments |
|---|---|---|---|---|
| ufw_conf | no | true | true, false | Opt-in to enable the ufw role |
| ufw_enable_firewall | no | true | true, false | Enables or disables the firewall, independent of whether any rules are configured |
| ufw_eth_default_rules | no | true | true, false | Create the eth-internal zone for ETH networks and allow SSH for this zone |
| ufw_eth_default_zabbix | no | false | true, false | Allow port 10050/tcp for Zabbix monitoring |
| ufw_rules | no | [] | list of firewall rules | Internal variable that consolidates all dedicated firewall rules; see the firewall_rules_+ variables |
| ufw_resetallrules | no | false | true, false | Reset all existing rules at the start of the ufw task |

Dependencies

This role depends on the community.general.ufw module from the community.general collection.

Example Playbook

Include the role in your playbook if you want the ufw_rules variables defined on groups or directly on the host to be interpreted and applied:

    - hosts: localhost
      vars:
        ufw_conf: true
        ufw_eth_default_rules: true
        ufw_eth_default_zabbix: true
        ufw_rules:
        -  rule: allow
           source: 0.0.0.0/0
           port: 32400
        -  rule: deny
           port: 8888
           source: 1.1.1.1
        -  rule: reject
           port: 5555
           source: 2.2.2.2
      roles:
      - role: /local/home/sysop/jammy-stg/jammy/roles/jammy_ufw/

License

BSD

Author Information

Philipp Sauter

ETH Zürich, CxS Linux Engineering Squad: linux4d@id.ethz.ch