@yashodhank
Forked from ldvc/ansible-ufw.md
Created April 6, 2020 09:26
Managing UFW with Ansible

# Ansible + UFW

## Config

Contents of the `vars_ufw.yml` file (the allow lists the playbook iterates over; each item is a port/protocol pair):

```yaml
---
allow_in:
  - {port: 22, proto: 'tcp'}
  - {port: 25, proto: 'tcp'}
  - {port: 53, proto: 'udp'}
  - {port: 53, proto: 'tcp'}
  - {port: 80, proto: 'tcp'}
  - {port: 443, proto: 'tcp'}
  - {port: 546, proto: 'udp'}
  - {port: 587, proto: 'tcp'}
  - {port: 993, proto: 'tcp'}
  - {port: 5222, proto: 'tcp'}
  - {port: 5223, proto: 'tcp'}
  - {port: 5269, proto: 'tcp'}
  - {port: 5280, proto: 'tcp'}
  - {port: 5281, proto: 'tcp'}

allow_out:
  - {port: 22, proto: 'tcp'}
  - {port: 25, proto: 'tcp'}
  - {port: 53, proto: 'udp'}
  - {port: 53, proto: 'tcp'}
  - {port: 123, proto: 'udp'}
  - {port: 547, proto: 'udp'}
  - {port: 587, proto: 'udp'}
  - {port: 4222, proto: 'tcp'}
  - {port: 5222, proto: 'tcp'}
  - {port: 5269, proto: 'tcp'}
```

## Script

Contents of the `ufw.yml` playbook:

```yaml
---
- hosts: servers
  remote_user: root
  strategy: debug
  vars_files:
    - ./vars_ufw.yml

  tasks:
  # The allow rules are created first so that the SSH rule (22/tcp) is
  # already in place when the default-deny policy is enabled below;
  # otherwise the Ansible session itself would be cut off.
  - name: Allow incoming traffic
    ufw:
      rule: allow
      port: "{{ item.port }}"
      proto: "{{ item.proto }}"
      direction: in
    with_items: "{{ allow_in }}"

  - name: Allow outgoing traffic
    ufw:
      rule: allow
      port: "{{ item.port }}"
      proto: "{{ item.proto }}"
      direction: out
    with_items: "{{ allow_out }}"

  # 'policy: deny' without a direction sets the default policy for
  # incoming traffic; UFW's default outgoing policy (allow) is unchanged.
  - name: Set firewall default policy
    ufw:
      state: enabled
      policy: deny
```

## Running it

Contents of the `inventory` file:

```ini
[servers]
myserver.example.com
```

Run it with `ansible-playbook -i inventory ufw.yml`.
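Before running a playbook that switches a host to deny-by-default, it is worth checking the allow lists offline. The following script is an added example, not part of the gist: it parses the `{port: N, proto: 'x'}` item format used in `vars_ufw.yml` (with a small hand-written parser, so PyYAML is not required), renders the `ufw` CLI commands equivalent to the playbook's task order, and reports the findings a reviewer would want: duplicate rules, out-of-range ports, a missing SSH rule in `allow_in` (which would lock Ansible out once the default-deny policy is enabled), and `allow_out` rules that have no effect because the playbook never changes UFW's default outgoing policy from allow. The sample data, the `ssh_port` and `outgoing_policy` parameters and the function names are all assumptions made for this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the same format as vars_ufw.yml on the page,
# deliberately containing a duplicate rule and an invalid port.
SAMPLE_VARS = """\
---
allow_in:
  - {port: 22, proto: 'tcp'}
  - {port: 80, proto: 'tcp'}
  - {port: 80, proto: 'tcp'}

allow_out:
  - {port: 53, proto: 'udp'}
  - {port: 70000, proto: 'tcp'}
"""

# One list item:  - {port: 22, proto: 'tcp'}   (quotes around proto optional)
ITEM_RE = re.compile(r"^\s*-\s*\{\s*port:\s*(\d+)\s*,\s*proto:\s*'?(tcp|udp)'?\s*\}\s*$")
# One top-level key:  allow_in:
KEY_RE = re.compile(r"^(\w+):\s*$")

Rules = Dict[str, List[Tuple[int, str]]]


def parse_vars(text: str) -> Rules:
    """Parse the flow-style item lists under each top-level key into (port, proto) tuples."""
    rules: Rules = {}
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped == "---":
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            rules[current] = []
            continue
        item = ITEM_RE.match(line)
        if item and current is not None:
            rules[current].append((int(item.group(1)), item.group(2)))
            continue
        raise ValueError(f"unrecognised line: {line!r}")
    return rules


def render_ufw_commands(rules: Rules) -> List[str]:
    """Emit the ufw CLI equivalent of the playbook, in the same order as its tasks:
    allow rules first, then the default policy and enable (non-interactive)."""
    cmds = [f"ufw allow in {port}/{proto}" for port, proto in rules.get("allow_in", [])]
    cmds += [f"ufw allow out {port}/{proto}" for port, proto in rules.get("allow_out", [])]
    cmds.append("ufw default deny")     # no direction given: applies to incoming
    cmds.append("ufw --force enable")
    return cmds


def preflight(rules: Rules, ssh_port: int = 22, outgoing_policy: str = "allow") -> List[str]:
    """Return findings to resolve before enabling deny-by-default on a remote host."""
    findings: List[str] = []
    for direction, items in rules.items():
        seen = set()
        for port, proto in items:
            if not 1 <= port <= 65535:
                findings.append(f"{direction}: port {port} is out of range")
            if (port, proto) in seen:
                findings.append(f"{direction}: duplicate rule {port}/{proto}")
            seen.add((port, proto))
    if (ssh_port, "tcp") not in rules.get("allow_in", []):
        findings.append(f"allow_in: no rule for {ssh_port}/tcp; "
                        "enabling default deny would cut off the Ansible SSH session")
    if rules.get("allow_out") and outgoing_policy == "allow":
        findings.append("allow_out: rules have no effect while the default outgoing "
                        "policy is 'allow' (the playbook never sets 'deny outgoing')")
    return findings


if __name__ == "__main__":
    parsed = parse_vars(SAMPLE_VARS)
    for cmd in render_ufw_commands(parsed):
        print(cmd)
    for finding in preflight(parsed):
        print("FINDING:", finding)
```

Run it against the real `vars_ufw.yml` by reading the file into `parse_vars` instead of `SAMPLE_VARS`; an empty findings list is the condition to look for before the playbook is executed.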
