| -rw-r--r-- | roles/ufw/tasks/main.yml | 20 | ||||
| -rw-r--r-- | roles/ufw/vars/main.yml | 1 |
2 files changed, 21 insertions, 0 deletions
diff --git a/roles/ufw/tasks/main.yml b/roles/ufw/tasks/main.yml
new file mode 100644
index 0000000..ff437f3
--- /dev/null
+++ b/roles/ufw/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Enable UFW and deny all traffic by default
+  community.general.ufw:
+    state: enabled
+    policy: deny
+
+- name: Allow OpenSSH
+  community.general.ufw:
+    rule: allow
+    name: OpenSSH
+
+- name: Allow WireGuard
+  community.general.ufw:
+    rule: allow
+    proto: udp
+    port: "{{ wireguard_port }}"
+    comment: "Allow WireGuard"
+
+- name: Apply service-specific rules
+  community.general.ufw: "{{ item }}"
+  with_items: "{{ rules }}"
diff --git a/roles/ufw/vars/main.yml b/roles/ufw/vars/main.yml
new file mode 100644
index 0000000..14ba58b
--- /dev/null
+++ b/roles/ufw/vars/main.yml
@@ -0,0 +1 @@
+rules: [] |
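Review bot: The first task activates the firewall with `policy: deny` before the `Allow OpenSSH` rule in the second task exists, so a host being provisioned over SSH can be cut off if the play stops or the controller reconnects between those two tasks; keep the deny policy first (it can be set while UFW is inactive) but move `state: enabled` into a final task placed after `Apply service-specific rules`. `name: OpenSSH` depends on the distribution's OpenSSH application profile being installed and, as far as I can tell, only opens the profile's default port, so a non-default sshd port would stay blocked — worth a comment above that task or a port-based rule driven by the configured sshd port. In the last task `with_items` could be written as `loop:`, the current idiom.
```yaml
- name: Deny all traffic by default
  community.general.ufw:
    policy: deny

# … unchanged: Allow OpenSSH, Allow WireGuard, Apply service-specific rules …

- name: Enable UFW
  community.general.ufw:
    state: enabled
```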
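Review bot: `rules: []` is placed in `roles/ufw/vars/main.yml`, where role vars outrank inventory, `host_vars`/`group_vars` and play vars, so a consumer of the role cannot supply its own rule list without `-e`; a default value like this belongs in `roles/ufw/defaults/main.yml` instead. The name `rules` is also unprefixed and can silently collide with a same-named variable from another role or play; a namespaced `ufw_rules` (with the `with_items: "{{ rules }}"` reference in tasks/main.yml updated to match) would avoid that.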