logging stack and firewall
This commit is contained in:
@@ -7,6 +7,10 @@
|
||||
name: ufw
|
||||
state: present
|
||||
|
||||
- name: Logging
|
||||
community.general.ufw:
|
||||
logging: "low"
|
||||
|
||||
- name: Allow SSH
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
@@ -34,11 +38,47 @@
|
||||
proto: tcp
|
||||
route: true
|
||||
|
||||
- name: UFW - Allow podman forwarding
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
interface_in: podman+
|
||||
interface_out: podman+
|
||||
route: true
|
||||
|
||||
- name: UFW - Allow podman forwarding 2
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
interface_in: eth0
|
||||
interface_out: podman+
|
||||
route: true
|
||||
|
||||
- name: UFW - Allow podman forwarding 3
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
interface_in: podman+
|
||||
interface_out: eth0
|
||||
route: true
|
||||
|
||||
- name: UFW - Enable DNS
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
interface_in: podman+
|
||||
proto: "udp"
|
||||
to_port: 53
|
||||
|
||||
- name: UFW - Allow scraping
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
interface_in: podman+
|
||||
proto: "tcp"
|
||||
to_port: 9100
|
||||
|
||||
- name: UFW - Enable and deny by default
|
||||
community.general.ufw:
|
||||
state: enabled
|
||||
default: deny
|
||||
|
||||
|
||||
- name: UFW - Reload firewall
|
||||
changed_when: true
|
||||
ansible.builtin.command: ufw reload
|
||||
|
||||
Reference in New Issue
Block a user