[a] allow all internal lan connections
parent
6ee695461e
commit
8c4e3f3781
2 changed files with 11 additions and 0 deletions
|
@ -6,6 +6,10 @@ common_allow_restart: false # allow restarting after update
|
||||||
common_firewall_enabled: true
|
common_firewall_enabled: true
|
||||||
common_firewall_reject: false # reject all connections by default
|
common_firewall_reject: false # reject all connections by default
|
||||||
|
|
||||||
|
# Allow incoming on internal subnet
|
||||||
|
common_firewall_allow_internal_incoming: true # allow or not?
|
||||||
|
common_firewall_internal_subnet: 10.0.0.0/24 # internal subnet
|
||||||
|
|
||||||
# Default Firewall Rules
|
# Default Firewall Rules
|
||||||
common_firewall:
|
common_firewall:
|
||||||
- port: 22
|
- port: 22
|
||||||
|
|
|
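Review bot: `common_firewall_allow_internal_incoming` defaults to `true`, so every host that applies this role accepts traffic from `10.0.0.0/24` without opting in. The range is hard-coded and may not match the host's actual LAN, and on some hosts the neighbours in that range are not trusted. A safer default is `common_firewall_allow_internal_incoming: false`, switched on per host or group where the subnet is known. The trailing comment `# allow or not?` could state what is opened instead, e.g. `# allow every port from common_firewall_internal_subnet`.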
@ -26,6 +26,13 @@
|
||||||
state: absent
|
state: absent
|
||||||
when: not common_firewall_enabled
|
when: not common_firewall_enabled
|
||||||
|
|
||||||
|
- name: Allow all incoming connections from LAN by default
|
||||||
|
community.general.ufw:
|
||||||
|
default: allow
|
||||||
|
direction: incoming
|
||||||
|
src: "{{ common_firewall_internal_subnet }}"
|
||||||
|
when: "{{ common_firewall_allow_internal_incoming }}"
|
||||||
|
|
||||||
- name: Reject incoming connections on WAN interface by default
|
- name: Reject incoming connections on WAN interface by default
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
default: reject
|
default: reject
|
||||||
|
|
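Review bot: The added task combines `default: allow` with `src:`, but in `community.general.ufw` the `default` option sets the global policy for a direction and takes no source address. As written it would run the equivalent of `ufw default allow incoming` for every source, not only the LAN. Because `common_firewall_reject` is `false` in the defaults, the following reject task may be skipped (its condition lies outside the hunk), which would leave the host default-allow on all interfaces. A per-subnet allow is expressed as a rule: replace `default: allow` with `rule: allow` and keep `src: "{{ common_firewall_internal_subnet }}"`. The condition should also be a bare expression, `when: common_firewall_allow_internal_incoming | bool`, since Ansible warns about templating delimiters in `when`.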