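---
# ========================================
# CONNECTIVITY FIREWALL CONFIGURATION
# ========================================
# Configures UFW rules for connectivity services so VPN, proxy and DNS
# services get the network access they need while everything else inbound
# is denied.
#
# Inputs (all optional):
#   connectivity_firewall_rules     list of dicts; each needs `rule`, `port`,
#                                   `proto` and may carry `comment`, `from_ip`
#                                   and `direction` (omitted when absent).
#   connectivity_firewall_reset     bool, default true: wipe the existing rule
#                                   set with `ufw reset` before applying rules.
#   connectivity_firewall_ssh_rule  `allow` (default) or `limit`; `limit` adds
#                                   ufw's built-in SSH connection rate-limit.
#
# Ordering matters. `ufw reset` DISABLES the firewall and drops every rule, so
# the SSH rule is added and UFW is re-enabled as early as possible to keep the
# fully-open window short. Rules added to an enabled firewall take effect
# immediately; no reload or restart handler is needed.
#
# The ufw module lives in community.general, not ansible-core; the collection
# must be installed (`ansible-galaxy collection install community.general`).

- name: "Ensure UFW is installed"
  ansible.builtin.package:
    name: ufw
    state: present
  tags: [firewall, setup]

# WARNING: not idempotent - reports `changed` on every run and leaves the host
# with NO firewall until the enable task below succeeds. If the play aborts in
# between, the host stays unprotected. Set connectivity_firewall_reset=false to
# keep existing rules instead of wiping them.
- name: "Reset UFW and drop all existing rules"
  community.general.ufw:
    state: reset
  when: connectivity_firewall_reset | default(true) | bool
  tags: [firewall, setup]

# Idempotent default policies, stated explicitly for both directions so the
# result does not depend on whether the reset above ran. Outbound stays open;
# tighten here if egress filtering is required.
- name: "Set default policy: deny incoming"
  community.general.ufw:
    default: deny
    direction: incoming
  tags: [firewall, setup]

- name: "Set default policy: allow outgoing"
  community.general.ufw:
    default: allow
    direction: outgoing
  tags: [firewall, setup]

# Added BEFORE UFW is enabled so the control connection (and the next run) is
# never locked out. `ansible_port` is the current connection-port variable;
# `ansible_ssh_port` is the deprecated alias, kept as a fallback. If sshd
# listens on a port that is not recorded in inventory, this rule will not
# match it - check before running against a remote host.
- name: "Allow SSH access"
  community.general.ufw:
    rule: "{{ connectivity_firewall_ssh_rule | default('allow') }}"
    port: "{{ ansible_port | default(ansible_ssh_port) | default(22) }}"
    proto: tcp
    comment: "SSH access"
  tags: [firewall, ssh]

# Enabled right after the SSH rule so the no-firewall window is minimal.
# Trade-off: service ports are closed until their rules are added below
# (briefly), rather than every port being open during that time.
- name: "Enable UFW firewall"
  community.general.ufw:
    state: enabled
  tags: [firewall, setup]

# The ufw module is idempotent on its own, so no pre-check against `ufw status`
# output is needed (a substring match on stdout also errors on entries without
# a `comment` key). Optional `from_ip` / `direction` let a rule be scoped to a
# source address or traffic direction instead of any/any - prefer that for
# management-only services.
- name: "Configure connectivity service firewall rules"
  community.general.ufw:
    rule: "{{ item.rule }}"
    port: "{{ item.port }}"
    proto: "{{ item.proto }}"
    from_ip: "{{ item.from_ip | default(omit) }}"
    direction: "{{ item.direction | default(omit) }}"
    comment: "{{ item.comment | default(omit) }}"
  loop: "{{ connectivity_firewall_rules | default([]) }}"
  loop_control:
    label: "{{ item.comment | default(item.port ~ '/' ~ item.proto) }}"
  tags: [firewall, services]

# Read-only; in check mode this task is skipped and the summary falls back to
# its default text.
- name: "Collect UFW status"
  ansible.builtin.command: ufw status verbose
  register: ufw_status
  changed_when: false
  tags: [firewall, info]

- name: "Show firewall configuration summary"
  ansible.builtin.debug:
    msg: |
      Firewall Configuration Complete

      UFW Status:
      {{ ufw_status.stdout | default('UFW status unavailable') }}

      Services Protected:
      {% for rule in connectivity_firewall_rules | default([]) %}
      - {{ rule.comment | default('Unknown service') }} ({{ rule.port }}/{{ rule.proto }}{{ ' from ' ~ rule.from_ip if rule.from_ip is defined else '' }})
      {% endfor %}

      Default Policy: Deny (incoming), Allow (outgoing)
      SSH Access: Port {{ ansible_port | default(ansible_ssh_port) | default(22) }} ({{ connectivity_firewall_ssh_rule | default('allow') }})
  tags: [firewall, info]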