[a] allow all internal lan connections
parent
6ee695461e
commit
8c4e3f3781
2 changed files with 11 additions and 0 deletions
|
@ -6,6 +6,10 @@ common_allow_restart: false # allow restarting after update
|
|||
common_firewall_enabled: true
|
||||
common_firewall_reject: false # reject all connections by default
|
||||
|
||||
# Allow incoming on internal subnet
|
||||
common_firewall_allow_internal_incoming: true # allow or not?
|
||||
common_firewall_internal_subnet: 10.0.0.0/24 # internal subnet
|
||||
|
||||
# Default Firewall Rules
|
||||
common_firewall:
|
||||
- port: 22
|
||||
|
|
|
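Review bot: `common_firewall_allow_internal_incoming` defaults to `true` with a hard-coded `10.0.0.0/24`, so every host that applies this role accepts all incoming traffic from that range unless it overrides the variable, including hosts where that range is not a trusted LAN. A least-privilege default would be `common_firewall_allow_internal_incoming: false  # opt in per host or group`, with the subnet set in inventory. The comment `# allow or not?` could instead say what is allowed, e.g. `# allow all ports from common_firewall_internal_subnet`.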
@ -26,6 +26,13 @@
|
|||
state: absent
|
||||
when: not common_firewall_enabled
|
||||
|
||||
- name: Allow all incoming connections from LAN by default
|
||||
community.general.ufw:
|
||||
default: allow
|
||||
direction: incoming
|
||||
src: "{{ common_firewall_internal_subnet }}"
|
||||
when: "{{ common_firewall_allow_internal_incoming }}"
|
||||
|
||||
- name: Reject incoming connections on WAN interface by default
|
||||
community.general.ufw:
|
||||
default: reject
|
||||
|
|
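Review bot: The new task passes `default: allow` together with `src`, but in community.general.ufw `default` sets the global policy for the given direction and, as far as the module documents, source filters apply only to `rule`, so this would open incoming traffic from every address rather than only the LAN. With `common_firewall_reject` defaulting to false in the role variables, the following reject task may not restore a restrictive default; its `when` lies outside the hunk, so confirm. A scoped rule would use `rule: allow` and `direction: in` while keeping `src: "{{ common_firewall_internal_subnet }}"`. The condition should be a bare expression, `when: common_firewall_allow_internal_incoming | bool`, since Ansible warns on templating delimiters in `when`, and the task probably also wants to be conditional on `common_firewall_enabled`, which the task above it checks.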