Ansible Role Firewall

Repository: https://github.com/asapdotid/ansible-role-firewall

Topics: almalinux ansible ansible-role centos debian-linux firewall linux redhat rockylinux

This role installs and configures a host firewall. It supports two backends: `ufw` and `firewalld`.

On Ubuntu (and Debian) the `ufw` service is used, driven by the `community.general.ufw` module. On RHEL/CentOS 7 and later, and derivatives such as AlmaLinux and Rocky Linux, the `firewalld` service is used, driven by the `ansible.posix.firewalld` module.

## Dependencies

- `ansible.posix` collection (provides the `firewalld` module)
- `community.general` collection (provides the `ufw` module)

## Role Variables

Variables are grouped by firewall backend; only the group for the backend in use on a host is relevant.

`firewalld` specific variables:

| Name | Default Value | Description |
| --- | --- | --- |
| `firewalld_default_zone` | `public` | Default zone that the interfaces and rules below are applied to. |
| `firewalld_zone_interfaces` | `[]` | List of interfaces to assign to the zone. |
| `firewalld_allowed_tcp_ports` | `['22']` | List of TCP ports opened globally (to any source). |
| `firewalld_allowed_udp_ports` | `['161']` | List of UDP ports opened globally (to any source). |
| `firewalld_nat_rules` | `[]` | List of ports and their protocols to NAT: traffic arriving on `original_port` is redirected to `translated_port`. With `firewalld`, this adds rich rules to the specified zone. |
| `firewalld_rich_rules` | `[]` | Allow a destination port only from a given source IP or network instead of opening it globally; optionally match only new connections (`new: true`). With `firewalld`, this adds rich rules to the specified zone. |
| `firewalld_rules` | `[]` | List of rules passed straight through to the `ansible.posix.firewalld` module. Each module argument is optional. |

`ufw` specific variables:

| Name | Default Value | Description |
| --- | --- | --- |
| `ufw_logging` | `off` | UFW logging, `on` or `off` (the `community.general.ufw` module also accepts the levels `low`, `medium`, `high` and `full`). |
| `ufw_rules` | `[]` | List of rules passed to the `community.general.ufw` module, applied in order. |

## Example

```yaml
- hosts: all
  roles:
    - role: asapdotid.firewall
```

Place the variables in `vars/main.yml` of your project (or in the host or group vars of the targets):

### Firewalld

```yaml
# Ports opened to any source in the default zone
firewalld_allowed_tcp_ports:
  - 22
  - 80
  - 443

firewalld_allowed_udp_ports:
  - 123
  - 67

# Redirect 4022/tcp to 22/tcp on this host
firewalld_nat_rules:
  - protocol: tcp
    original_port: 4022
    translated_port: 22

# Open 22/tcp only to these sources (instead of globally)
firewalld_rich_rules:
  - source: "10.0.1.17"
    protocol: "tcp"
    dest_port: 22
    new: true
  - source: "192.168.0.0/24"
    protocol: "tcp"
    dest_port: 22

# Passed through to ansible.posix.firewalld as-is;
# add permanent: true to keep a rule across firewalld reloads
firewalld_rules:
  - service: "ssh"
    immediate: "yes"
    zone: "public"
```

### UFW

```yaml
ufw_logging: "off"

# Rules are applied in the order listed
ufw_rules:
  - rule: "allow"
    to_port: "ssh"
    proto: "tcp"
    comment: "allow incoming connection on standard ssh port"
  # delete: true removes a matching rule instead of adding it
  - rule: "allow"
    to_port: "http"
    proto: "tcp"
    comment: "allow incoming connection on standard http port"
    delete: true
```
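The variables above are applied by Ansible without any sanity check, and the usual way firewall automation goes wrong is a rule set that no longer admits SSH from the control node. The following pre-flight lint is an added example written for this page; it is not part of the `asapdotid.firewall` role. It takes the Firewalld and UFW variable sets from the two examples above (embedded here as constructed Python dictionaries rather than read from `vars/main.yml`), validates ports, protocols and sources, flags the lockout case, and renders the rich rules in the syntax documented in firewalld.richlanguage(5). The `SERVICE_PORTS` map and the treatment of a missing `state` as `enabled` are assumptions of the lint; the rendered strings are my own rendering of the documented syntax, not what the role's templates emit.

```python
"""Pre-flight lint for firewall role variables (added example, not part of
the role). Checks firewalld_* and ufw_rules for bad ports/protocols/sources
and for the lockout failure mode (no rule left that admits 22/tcp)."""
import ipaddress

# Constructed sample, mirroring the Firewalld and UFW examples in the README.
FIREWALLD_VARS = {
    "firewalld_allowed_tcp_ports": [22, 80, 443],
    "firewalld_allowed_udp_ports": [123, 67],
    "firewalld_nat_rules": [
        {"protocol": "tcp", "original_port": 4022, "translated_port": 22},
    ],
    "firewalld_rich_rules": [
        {"source": "10.0.1.17", "protocol": "tcp", "dest_port": 22, "new": True},
        {"source": "192.168.0.0/24", "protocol": "tcp", "dest_port": 22},
    ],
    "firewalld_rules": [{"service": "ssh", "immediate": True, "zone": "public"}],
}
UFW_VARS = {
    "ufw_rules": [
        {"rule": "allow", "to_port": "ssh", "proto": "tcp"},
        {"rule": "allow", "to_port": "http", "proto": "tcp", "delete": True},
    ],
}

SSH_PORT = 22
# Assumed subset of the /etc/services names ufw resolves; only used by the lint.
SERVICE_PORTS = {"ssh": 22, "http": 80, "https": 443}
UFW_ACTIONS = ("allow", "deny", "limit", "reject")


def port_number(value):
    """Int port for an int, numeric string or known service name; else None."""
    if isinstance(value, str) and value in SERVICE_PORTS:
        return SERVICE_PORTS[value]
    try:
        port = int(value)
    except (TypeError, ValueError):
        return None
    return port if 1 <= port <= 65535 else None


def render_rich_rule(rule):
    """firewalld_rich_rules entry -> rich rule string (firewalld.richlanguage(5))."""
    net = ipaddress.ip_network(rule["source"], strict=False)
    family = "ipv4" if net.version == 4 else "ipv6"
    return (f'rule family="{family}" source address="{rule["source"]}" '
            f'port port="{rule["dest_port"]}" protocol="{rule["protocol"]}" accept')


def render_nat_rule(rule):
    """firewalld_nat_rules entry -> forward-port rich rule (local port redirect)."""
    return (f'rule family="ipv4" forward-port port="{rule["original_port"]}" '
            f'protocol="{rule["protocol"]}" to-port="{rule["translated_port"]}"')


def lint_firewalld(v):
    """Return a list of problems in the firewalld_* variables; [] means OK."""
    problems = []
    for key in ("firewalld_allowed_tcp_ports", "firewalld_allowed_udp_ports"):
        problems += [f"{key}: invalid port {p!r}" for p in v.get(key, [])
                     if port_number(p) is None]
    for r in v.get("firewalld_nat_rules", []):
        if r.get("protocol") not in ("tcp", "udp"):
            problems.append(f"nat rule {r}: protocol must be tcp or udp")
        if None in (port_number(r.get("original_port")), port_number(r.get("translated_port"))):
            problems.append(f"nat rule {r}: original_port/translated_port out of range")
    for r in v.get("firewalld_rich_rules", []):
        try:
            ipaddress.ip_network(r.get("source", ""), strict=False)
        except ValueError:
            problems.append(f"rich rule {r}: source is not an address or CIDR")
        if r.get("protocol") not in ("tcp", "udp") or port_number(r.get("dest_port")) is None:
            problems.append(f"rich rule {r}: bad protocol or dest_port")
    # Lockout guard: something must still admit 22/tcp, or the next play cannot connect.
    ssh_open = (
        SSH_PORT in {port_number(p) for p in v.get("firewalld_allowed_tcp_ports", [])}
        or any(port_number(r.get("dest_port")) == SSH_PORT and r.get("protocol") == "tcp"
               for r in v.get("firewalld_rich_rules", []))
        or any(r.get("service") == "ssh" and r.get("state", "enabled") == "enabled"
               for r in v.get("firewalld_rules", []))  # missing state assumed enabled
    )
    if not ssh_open:
        problems.append("lockout risk: no rule keeps 22/tcp reachable")
    return problems


def lint_ufw(v):
    """Return problems in ufw_rules (applied in order); a later delete of the
    ssh allow is the lockout case."""
    problems, ssh_allowed = [], False
    for r in v.get("ufw_rules", []):
        if r.get("rule") not in UFW_ACTIONS:
            problems.append(f"ufw rule {r}: rule must be one of {UFW_ACTIONS}")
        port = port_number(r.get("to_port"))
        if port is None:
            problems.append(f"ufw rule {r}: bad to_port")
            continue
        if port == SSH_PORT and r.get("proto", "any") in ("tcp", "any"):
            if r.get("delete"):
                ssh_allowed = False  # removes the earlier allow
            elif r.get("rule") in ("allow", "limit"):
                ssh_allowed = True
    if not ssh_allowed:
        problems.append("lockout risk: ufw_rules never allows 22/tcp")
    return problems


if __name__ == "__main__":
    for rule in FIREWALLD_VARS["firewalld_rich_rules"]:
        print(render_rich_rule(rule))
    for rule in FIREWALLD_VARS["firewalld_nat_rules"]:
        print(render_nat_rule(rule))
    print("firewalld:", lint_firewalld(FIREWALLD_VARS) or "ok")
    print("ufw:", lint_ufw(UFW_VARS) or "ok")
```

Run it against your own variables before `ansible-playbook`; a non-empty list from `lint_firewalld` or `lint_ufw` is a reason not to push the play, and the rendered rich rules are what to compare against `firewall-cmd --list-rich-rules` on the target afterwards.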

## License

MIT / BSD