ansible/roles/common/tasks/ufw.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

---
- name: Ensure UFW is installed
  ansible.builtin.apt:
    name: ufw
    state: present

- name: Allow SSH
  community.general.ufw:
    rule: allow
    name: OpenSSH
    comment: "Allow SSH"

- name: Allow HTTP
  community.general.ufw:
    rule: allow
    port: 80
    proto: tcp
    comment: "Allow HTTP"

- name: Allow HTTPS
  community.general.ufw:
    rule: allow
    port: 443
    proto: tcp
    comment: "Allow HTTPS"

- name: Enable UFW
  community.general.ufw:
    state: enabled

- name: Ensure UFW is enabled on boot
  ansible.builtin.systemd:
    name: ufw
    enabled: true
...