43 lines
1.0 KiB
YAML
43 lines
1.0 KiB
YAML
---
|
|
# to verify ufw configuration run:
|
|
# sudo ufw status verbose
|
|
|
|
- name: Install ufw
|
|
apt: package=ufw state=present
|
|
|
|
- name: Clean old rules
|
|
ufw: state=reset
|
|
|
|
- name: Configure ufw defaults
|
|
ufw: direction={{ item.direction }} policy={{ item.policy }}
|
|
with_items:
|
|
- { direction: 'incoming', policy: 'deny' }
|
|
- { direction: 'outgoing', policy: 'allow' }
|
|
notify:
|
|
- restart ufw
|
|
|
|
- name: Add ufw ssh access
|
|
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
|
|
with_items:
|
|
- { rule: 'allow', port: '22', proto: 'tcp' }
|
|
notify:
|
|
- restart ufw
|
|
when: allow_validator_ssh == true
|
|
|
|
- name: Add ufw p2p access
|
|
ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
|
|
with_items:
|
|
- { rule: 'allow', port: '30303', proto: 'tcp' }
|
|
- { rule: 'allow', port: '30303', proto: 'udp' }
|
|
notify:
|
|
- restart ufw
|
|
when: allow_validator_p2p == true
|
|
|
|
- name: Enable ufw logging
|
|
ufw: logging=off
|
|
notify:
|
|
- restart ufw
|
|
|
|
- name: Enable ufw
|
|
ufw: state=enabled
|