lunivity/ansible-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[a] allow all internal lan connections

Browse source
This commit is contained in:
Sangelo 2024-10-21 16:46:54 +02:00
parent 6ee695461e
commit 8c4e3f3781
2 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/secure/defaults/main.yml
View file

@ -6,6 +6,10 @@ common_allow_restart: false # allow restarting after update
common_firewall_enabled: true common_firewall_enabled: true
common_firewall_reject: false # reject all connections by default common_firewall_reject: false # reject all connections by default
# Allow incoming on internal subnet
common_firewall_allow_internal_incoming: true # allow or not?
common_firewall_internal_subnet: 10.0.0.0/24 # internal subnet
# Default Firewall Rules # Default Firewall Rules
common_firewall: common_firewall:
- port: 22 - port: 22

7
roles/secure/tasks/main.yml
View file

@ -26,6 +26,13 @@
state: absent state: absent
when: not common_firewall_enabled when: not common_firewall_enabled
- name: Allow all incoming connections from LAN by default
community.general.ufw:
default: allow
direction: incoming
src: "{{ common_firewall_internal_subnet }}"
when: "{{ common_firewall_allow_internal_incoming }}"
- name: Reject incoming connections on WAN interface by default - name: Reject incoming connections on WAN interface by default
community.general.ufw: community.general.ufw:
default: reject default: reject