{"id":16632725,"url":"https://github.com/benwebber/ansible-ufw","last_synced_at":"2026-04-04T03:32:31.696Z","repository":{"id":149655547,"uuid":"41708595","full_name":"benwebber/ansible-ufw","owner":"benwebber","description":"High-level, service-based interface for configuring UFW","archived":false,"fork":false,"pushed_at":"2015-11-21T21:03:58.000Z","size":11,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"develop","last_synced_at":"2025-01-18T08:16:25.645Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/benwebber.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-09-01T00:56:01.000Z","updated_at":"2024-08-28T15:32:23.000Z","dependencies_parsed_at":"2023-04-13T16:23:47.409Z","dependency_job_id":null,"html_url":"https://github.com/benwebber/ansible-ufw","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/benwebber%2Fansible-ufw","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/benwebber%2Fansible-ufw/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/benwebber%2Fansible-ufw/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/benwebber%2Fansible-ufw/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/benwebber","download_url":"https://codeload.github.com/benwebber/ansible-ufw/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243114586,"owners_count":20238626,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-12T05:10:00.854Z","updated_at":"2025-12-27T06:29:58.014Z","avatar_url":"https://github.com/benwebber.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# ansible-ufw\n\n**ansible-ufw** provides a high-level, service-based interface for configuring the [Uncomplicated Firewall (UFW)](https://wiki.ubuntu.com/UncomplicatedFirewall).\n\n## Requirements\n\n**ansible-ufw** requires:\n\n* Ansible 1.9+\n* Debian, Ubuntu, or other distribution providing the UFW package\n\n## Installation\n\nInstall from [Ansible Galaxy](https://galaxy.ansible.com/detail#/role/4939).\n\n```\nansible-galaxy install benwebber.ufw\n```\n\n## Usage\n\n**ansible-ufw** provides atomic service firewall definitions that allow you to build a host's firewall iteratively.\n\nFor example, to allow Redis connections on a private interface:\n\n```yaml\n- roles:\n  # Install UFW and configure the base policy. Include `benwebber.ufw` with no parameters.\n  - benwebber.ufw\n  # Open Redis (6379/tcp) on eth1.\n  - role: benwebber.ufw\n    service: redis\n    interfaces:\n      - eth1\n```\n\nWhen you apply the roles above, you'll see the following output:\n\n```\nTASK: [benwebber.ufw | install ufw] *****************************************************\nok: [redis1.example.org]\n\nTASK: [benwebber.ufw | configure ufw logging] *******************************************\nok: [redis1.example.org]\n\nTASK: [benwebber.ufw | set base ufw policy] *********************************************\nok: [redis1.example.org]\n\nTASK: [benwebber.ufw | open 22/tcp ssh] *************************************************\nok: [redis1.example.org] =\u003e (item=eth0)\n\nTASK: [benwebber.ufw | open 6379/tcp redis] *********************************************\nok: [redis1.example.org] =\u003e (item=eth1)\n```\n\nSee [`tasks/services/`](tasks/services/) for included services. Pull requests gladly accepted.\n\n### Assumptions\n\n**ansible-ufw** makes the following assumptions:\n\n1. Hosts deny all incoming traffic by default.\n2. The default public interface is `eth0`.\n3. SSH should be available on the default public interface.\n\nAll assumptions can be overridden by local variables.\n\n### Services\n\n### Examples\n\nInstall UFW and configure the base policy.\n\n```yaml\n- roles:\n    - benwebber.ufw\n```\n\nAllow SSH traffic on the default interface (`eth0`). This task is part of the base policy.\n\n```yaml\n- roles:\n  - benwebber.ufw\n  - role: benwebber.ufw\n    service: ssh\n```\n\nAllow HTTP traffic on multiple interfaces.\n\n```yaml\n- roles:\n  - benwebber.ufw\n  - role: benwebber.ufw\n    service: http\n    interfaces:\n      - eth0\n      - eth1\n```\n\nDeny DNS traffic on the default interface (`eth0`).\n\n```yaml\n- roles:\n  - benwebber.ufw\n  - role: benwebber.ufw\n    service: domain\n    delete: true\n```\n\nCreate a custom rule using the special `local` service.\n\n```yaml\n- roles:\n  - benwebber.ufw\n  - role: benwebber.ufw\n    service: local\n    port: 24816\n    proto: udp\n    interfaces:\n      - eth1\n```\n\n## Role variables\n\nThe following variable defaults are defined in `defaults/main.yml`. The default values are shown in brackets.\n\n* `ufw_default_direction`\n\n    default direction to secure (`incoming`)\n\n* `ufw_default_policy`\n\n    default traffic policy (`deny`)\n\n* `ufw_default_state`\n\n    default firewall state (`enabled`)\n\n* `ufw_interfaces`\n\n    list of default interfaces to control (`['eth0']`)\n\n* `ufw_logging`\n\n    whether firewall logging is enabled, and at what level (`off`)\n\n* `ufw_open_ssh`\n\n    whether to open SSH on the default interface by default (`true`)\n\n* `ufw_service_default_direction`\n\n    default direction to secure for services (`in`)\n\n* `ufw_service_default_rule`\n\n    default rule to apply to services (`allow`)\n\nSee the [ufw module](https://docs.ansible.com/ansible/ufw_module.html) documentation for more details.\n\n## Contributing\n\nPlease feel free to submit pull requests for new services or general improvements.\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbenwebber%2Fansible-ufw","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbenwebber%2Fansible-ufw","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbenwebber%2Fansible-ufw/lists"}