Ansible weareinteractive.ufw role

weareinteractive.ufw is an Ansible role which:

installs ufw

configures ufw

configures ufw rules

configures service

Installation

Using ansible-galaxy:

$ ansible-galaxy install weareinteractive.ufw

Using requirements.yml:

- src: weareinteractive.ufw

Using git:

$ git clone https://github.com/weareinteractive/ansible-ufw.git weareinteractive.ufw

Dependencies

Ansible >= 2.10

Variables

Here is a list of all the default variables for this role, which are also available in defaults/main.yml.

---
# Start the service and enable it on system boot
ufw_enabled: true

# List of packages to install
ufw_packages: ["ufw"]

# The service name
ufw_service: ufw

# List of rules to be applied
# see https://docs.ansible.com/ansible/latest/collections/community/general/ufw_module.html for documentation
ufw_rules:
  - rule: allow
    to_port: 22

# Manage the configuration file
ufw_manage_config: false

# Configuration object passed to the configuration file
ufw_config:
  IPV6: "yes"
  DEFAULT_INPUT_POLICY: DROP
  DEFAULT_OUTPUT_POLICY: ACCEPT
  DEFAULT_FORWARD_POLICY: DROP
  DEFAULT_APPLICATION_POLICY: SKIP
  MANAGE_BUILTINS: "no"
  IPT_SYSCTL: /etc/ufw/sysctl.conf
  IPT_MODULES: ""

# Path to the configuration file
ufw_config_file: /etc/default/ufw

Handlers

These are the handlers that are defined in handlers/main.yml.

---

- name: reset ufw
  community.general.ufw:
    state: reset

- name: reload ufw
  community.general.ufw:
    state: reloaded
  when: ufw_enabled | bool

Usage

This is an example playbook:

# @see https://docs.ansible.com/ansible/latest/collections/community/general/ufw_module.html#examples
---

- hosts: all
  become: true
  roles:
    - weareinteractive.ufw
  vars:
    ufw_rules:
      # Set loggin
      - logging: "full"
      # Allow OpenSSH
      - rule: allow
        name: OpenSSH
      # Delete OpenSSH rule
      - rule: allow
        name: OpenSSH
        delete: true
      # Allow all access to tcp port 80
      - rule: allow
        to_port: '80'
        proto: tcp
    # Manage the configuration file
    ufw_manage_config: true
    # Configuration object passed to the configuration file
    ufw_config:
      IPV6: "yes"
      DEFAULT_INPUT_POLICY: DROP
      DEFAULT_OUTPUT_POLICY: ACCEPT
      DEFAULT_FORWARD_POLICY: DROP
      DEFAULT_APPLICATION_POLICY: SKIP
      MANAGE_BUILTINS: "no"
      IPT_SYSCTL: /etc/ufw/sysctl.conf
      IPT_MODULES: ""

Testing

$ git clone https://github.com/weareinteractive/ansible-ufw.git
$ cd ansible-ufw
$ make test

Contributing

In lieu of a formal style guide, take care to maintain the existing coding style. Add unit tests and examples for any new or changed functionality.

Fork it
Create your feature branch (git checkout -b my-new-feature)
Commit your changes (git commit -am 'Add some feature')
Push to the branch (git push origin my-new-feature)
Create new Pull Request

Note: To update the README.md file please install and run ansible-readme:

$ gem install ansible-readme
$ ansible-readme

License

Copyright (c) We Are Interactive under the MIT license.

Name		Name	Last commit message	Last commit date
Latest commit History 137 Commits
.vscode		.vscode
defaults		defaults
docs		docs
handlers		handlers
meta		meta
molecule/default		molecule/default
tasks		tasks
templates		templates
.ansible-lint		.ansible-lint
.clog.toml		.clog.toml
.editorconfig		.editorconfig
.gitignore		.gitignore
.travis.yml		.travis.yml
.yamllint		.yamllint
CHANGELOG.md		CHANGELOG.md
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
ansible.cfg		ansible.cfg

License

weareinteractive/ansible-ufw

Folders and files

Latest commit

History

Repository files navigation

Ansible weareinteractive.ufw role

Installation

Dependencies

Variables

Handlers

Usage

Testing

Contributing

License

About

Resources

License

Stars

Watchers

Forks

Languages