Add the ufw firewall

2022-05-27 16:29:27 -04:00
parent d7838563a1
commit 45465ad26b
4 changed files with 42 additions and 0 deletions
--- a/roles/base/tasks/firewall.yml
+++ b/roles/base/tasks/firewall.yml
@@ -0,0 +1,23 @@
+- name: Install the Uncomplicated Firewall
+  apt:
+    name: ufw
+    state: present
+
+- name: Deny incoming traffic by default
+  ufw:
+    default: deny
+    direction: incoming
+
+- name: Allow outgoing traffic by default
+  ufw:
+    default: allow
+    direction: outgoing
+
+- name: Allow OpenSSH with rate limiting
+  ufw:
+    name: ssh
+    rule: limit
+
+- name: Enable firewall
+  ufw:
+    state: enabled
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -4,6 +4,9 @@
 - import_tasks: system.yml
  tags: system

+- import_tasks: firewall.yml
+  tags: firewall
+
 - import_tasks: network.yml
  tags: network
  when: manage_network