44 lines
793 B
YAML
44 lines
793 B
YAML
#SPDX-License-Identifier: MIT-0
|
|
---
|
|
# tasks file for firewall
|
|
#
|
|
- name: Ensure ufw is installed
|
|
ansible.builtin.apt:
|
|
name: ufw
|
|
state: present
|
|
update_cache: true
|
|
become: true
|
|
|
|
- name: Enable ufw
|
|
community.general.ufw:
|
|
state: enabled
|
|
become: true
|
|
|
|
- name: Allow SSH
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: 22
|
|
proto: tcp
|
|
become: true
|
|
|
|
# Allow ports for check_mk
|
|
- name: Allow port 161 for check_mk
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: 161
|
|
proto: udp
|
|
become: true
|
|
- name: Allow port 6556 for check_mk
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: 6556
|
|
proto: tcp
|
|
become: true
|
|
|
|
# Set default policy
|
|
- name: Set default incoming policy to deny
|
|
community.general.ufw:
|
|
default: deny
|
|
direction: incoming
|
|
become: true
|