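---
# Host firewall for the "pi" host: ufw with default-deny inbound, explicit
# allows for management and published services, and forwarding rules for
# podman container networks.
#
# NOTE on community.general.ufw semantics: `route: true` emits a
# `ufw route ...` rule, which lives in the FORWARD chain and only matches
# traffic the host forwards (e.g. to a podman bridge). It does NOT open the
# port on the host itself. Rules that must reach a daemon running on the
# host (sshd for Ansible/management) therefore must NOT set `route: true`.
- name: Nginx
  hosts: pi
  become: true
  tasks:
    - name: Install ufw
      ansible.builtin.apt:
        name: ufw
        state: present

    # Keep a log of blocked packets; "low" logs denies without flooding
    # the journal with every allowed connection.
    - name: Logging
      community.general.ufw:
        logging: "low"

    # Management SSH to the host itself. This is an INPUT rule (no
    # `route: true`): Ansible connects over SSH, and with the default-deny
    # inbound policy below a forward-only rule would lock operators out as
    # soon as the firewall is enabled. Added before `state: enabled` so the
    # session that runs this play is never cut.
    - name: Allow SSH
      community.general.ufw:
        rule: allow
        name: OpenSSH

    # NOTE(review): this is a forward-chain rule (`route: true`). If samba
    # runs on the host rather than in a container, drop `route: true` or
    # clients will be denied. Relies on the "samba" ufw application
    # profile being installed on the target.
    - name: Allow samba
      community.general.ufw:
        rule: allow
        name: samba
        route: true

    # HTTP/HTTPS/2222 below are forward-chain rules, i.e. traffic published
    # into podman containers (nginx, gitbee). Note that the blanket
    # "Allow podman forwarding 2" rule (eth0 -> podman+) already permits
    # all forwarded traffic towards the containers, so these per-port rules
    # only become restrictive if that blanket rule is tightened.
    - name: UFW - Allow HTTP connections
      community.general.ufw:
        rule: allow
        port: "80"
        proto: tcp
        route: true

    - name: UFW - Allow HTTPS connections
      community.general.ufw:
        rule: allow
        port: "443"
        proto: tcp
        route: true

    - name: UFW - Allow gitbee ssh
      community.general.ufw:
        rule: allow
        port: "2222"
        proto: tcp
        route: true

    # Container-to-container forwarding between podman bridges.
    - name: UFW - Allow podman forwarding
      community.general.ufw:
        rule: allow
        interface_in: podman+
        interface_out: podman+
        route: true

    # Inbound forwarding from the LAN/WAN NIC into any podman bridge.
    # This is broad (every published container port, any protocol);
    # consider restricting to `to_port`/`proto` once the published set is
    # known.
    - name: UFW - Allow podman forwarding 2
      community.general.ufw:
        rule: allow
        interface_in: eth0
        interface_out: podman+
        route: true

    # Container egress via eth0 (unrestricted outbound for containers).
    - name: UFW - Allow podman forwarding 3
      community.general.ufw:
        rule: allow
        interface_in: podman+
        interface_out: eth0
        route: true

    # INPUT rules for services the host exposes only to its containers:
    # the host-side DNS resolver and the Prometheus exporters. Limited to
    # the podman bridge interfaces, so they are not reachable from eth0.
    - name: UFW - Enable DNS
      community.general.ufw:
        rule: allow
        interface_in: podman+
        proto: "udp"
        to_port: 53

    - name: UFW - Allow node exporter scraping
      community.general.ufw:
        rule: allow
        interface_in: podman+
        proto: "tcp"
        to_port: 9100

    - name: UFW - Allow podman exporter scraping
      community.general.ufw:
        rule: allow
        interface_in: podman+
        proto: "tcp"
        to_port: 9882

    # Forwarded traffic is denied unless matched by one of the `route`
    # rules above (this is ufw's DEFAULT_FORWARD_POLICY; pinned here so the
    # route allow rules are meaningful regardless of /etc/default/ufw).
    - name: UFW - Deny routed traffic by default
      community.general.ufw:
        default: deny
        direction: routed

    # Direction made explicit: `ufw default deny` applies to incoming only.
    # Enabled last, after every allow rule is in place.
    - name: UFW - Enable and deny by default
      community.general.ufw:
        state: enabled
        default: deny
        direction: incoming

    # Reload through the module rather than a raw `ufw reload` command with
    # `changed_when: true`, which reported a change on every run.
    - name: UFW - Reload firewall
      community.general.ufw:
        state: reloaded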