[a] allow all internal lan connections

This commit is contained in:
Sangelo 2024-10-21 16:46:54 +02:00
parent 6ee695461e
commit 8c4e3f3781
2 changed files with 11 additions and 0 deletions

View file

@ -6,6 +6,10 @@ common_allow_restart: false # allow restarting after update
common_firewall_enabled: true
common_firewall_reject: false # reject all connections by default
# Allow incoming on internal subnet
common_firewall_allow_internal_incoming: true # allow or not?
common_firewall_internal_subnet: 10.0.0.0/24 # internal subnet
# Default Firewall Rules
common_firewall:
- port: 22

View file

@ -26,6 +26,13 @@
state: absent
when: not common_firewall_enabled
- name: Allow all incoming connections from LAN by default
community.general.ufw:
default: allow
direction: incoming
src: "{{ common_firewall_internal_subnet }}"
when: "{{ common_firewall_allow_internal_incoming }}"
- name: Reject incoming connections on WAN interface by default
community.general.ufw:
default: reject