homeserver-ansible/tasks/firewall.yml

- name: Install firewall packages
  community.general.pacman:
    name:
      - ufw

- name: Deny all ports
  community.general.ufw:
    policy: deny

- name: Allow service ports
  community.general.ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
    state: enabled

  with_items:
    - "{{ sshd_port }}"
    - http
    - https

- name: Allow DNS port to LAN
  community.general.ufw:
    rule: allow
    port: 53
    proto: any
    state: enabled
    src: "{{ local_subnet }}"


- name: Enable firewall service
  service:
    name: ufw
    state: started
    enabled: yes
Initial file upload 2022-02-27 16:05:34 -05:00			`- name: Install firewall packages`
			`community.general.pacman:`
			`name:`
			`- ufw`

			`- name: Deny all ports`
			`community.general.ufw:`
			`policy: deny`

			`- name: Allow service ports`
			`community.general.ufw:`
			`rule: allow`
			`port: "{{ item }}"`
			`proto: tcp`
			`state: enabled`

			`with_items:`
			`- "{{ sshd_port }}"`
			`- http`
			`- https`

			`- name: Allow DNS port to LAN`
			`community.general.ufw:`
			`rule: allow`
			`port: 53`
			`proto: any`
			`state: enabled`
			`src: "{{ local_subnet }}"`


			`- name: Enable firewall service`
			`service:`
			`name: ufw`
			`state: started`
			`enabled: yes`