| author | 2022-01-11 14:00:38 -0800 | |
|---|---|---|
| committer | 2022-01-11 14:00:38 -0800 | |
| commit | 8a902cc4f541c45b3e0335b12661a88643668aad (patch) | |
| tree | 8624e9a9c883707c6c5bac045d95b904b4c88fbb | |
| parent | Update local env setup instructions (diff) | |
Add basic UFW rules
| -rw-r--r-- | roles/ufw/tasks/main.yml | 20 | ||||
| -rw-r--r-- | roles/ufw/vars/main.yml | 1 |
2 files changed, 21 insertions, 0 deletions
diff --git a/roles/ufw/tasks/main.yml b/roles/ufw/tasks/main.yml
new file mode 100644
index 0000000..ff437f3
--- /dev/null
+++ b/roles/ufw/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Enable UFW and deny all traffic by default
+ community.general.ufw:
+ state: enabled
+ policy: deny
+
+- name: Allow OpenSSH
+ community.general.ufw:
+ rule: allow
+ name: OpenSSH
+
+- name: Allow WireGuard
+ community.general.ufw:
+ rule: allow
+ proto: udp
+ port: "{{ wireguard_port }}"
+ comment: "Allow WireGuard"
+
+- name: Apply service-specific rules
+ community.general.ufw: "{{ item }}"
+ with_items: "{{ rules }}"
diff --git a/roles/ufw/vars/main.yml b/roles/ufw/vars/main.yml
new file mode 100644
index 0000000..14ba58b
--- /dev/null
+++ b/roles/ufw/vars/main.yml
@@ -0,0 +1 @@
+rules: [] |
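Review bot: The first task in roles/ufw/tasks/main.yml enables UFW with `policy: deny` before the `Allow OpenSSH` rule exists, so a run that is interrupted or fails between the two tasks can leave the host unreachable over SSH. Moving the `Enable UFW and deny all traffic by default` task to the end of the file, after the allow rules and the `with_items` loop, keeps the default-deny posture and removes that window. For the SSH rule itself, `rule: limit` in place of `rule: allow` would add UFW's connection rate limiting. `wireguard_port` is not defined in either file of this commit, so it presumably comes from another role or the inventory; a one-line comment saying where would help.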
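Review bot: `rules: []` sits in the role's `vars/main.yml`, which Ansible ranks above inventory `group_vars`/`host_vars` and play `vars`, so service-specific rules defined there would be overridden by this empty list and silently never applied. Placing the default in `roles/ufw/defaults/main.yml` makes it overridable from inventory. A role-prefixed name such as `ufw_rules` (with `with_items: "{{ ufw_rules }}"` in the tasks file) would also avoid collisions with other roles' variables, since `rules` is generic enough to be reused elsewhere.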