---
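- name: FIREWALL | install packages
  # Installs both halves of the host firewall: ufw for the packet filter and
  # fail2ban for brute-force banning. The apt cache is refreshed unless it was
  # already updated within the last hour (cache_valid_time).
  ansible.builtin.apt:
    cache_valid_time: 3600
    force_apt_get: true  # canonical boolean; `yes` is a YAML 1.1-only spelling
    pkg:
      - fail2ban
      - ufw
    state: present
    update_cache: true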

- name: UFW | reset before setting
  # Start from a clean rule set so rules left over from earlier runs do not
  # linger. NOTE(review): a reset also leaves the firewall disabled until the
  # "enable & set logging" task below runs, and it most likely reports
  # "changed" on every run - confirm if idempotent runs matter here.
  community.general.ufw:
    state: reset

- name: UFW | deny everything IN
  # Default-deny inbound: only the explicit limit/allow rules below open ports.
  community.general.ufw:
    direction: incoming
    policy: deny

- name: UFW | allow everything OUT
  # Outbound traffic is unrestricted by default.
  community.general.ufw:
    direction: outgoing
    policy: allow

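- name: UFW | limit tcp port 22 IN
  # `limit` rate-limits new SSH connections (ufw's built-in connection
  # throttle) instead of plainly allowing them; matching packets are logged.
  # The comment shows up in `ufw status`, which makes the rule self-describing.
  community.general.ufw:
    comment: 'SSH, rate limited'
    direction: in
    log: true  # canonical boolean; `yes` is a YAML 1.1-only spelling
    port: '22'
    proto: tcp
    rule: limit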

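- name: UFW | allow tcp port 80 IN
  # Only hosts in the "web" group expose HTTP. `group_names` is always defined
  # for the current host, whereas `groups.web` raises an undefined-variable
  # error on any inventory that has no "web" group at all.
  when: "'web' in group_names"
  community.general.ufw:
    comment: 'HTTP'
    direction: in
    rule: allow
    port: '80'
    proto: tcp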

- name: UFW | enable & set logging
  # Enabled last, once the default policies and rules above are in place, so
  # the firewall does not come up with a partial rule set. `low` logging
  # records blocked packets without the noise of per-rule logging.
  community.general.ufw:
    logging: low
    state: enabled

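- name: FAIL2BAN | ensure deamon is running
  # Start the daemon and make sure it survives a reboot.
  ansible.builtin.service:
    name: fail2ban
    state: started
    enabled: true

- name: FAIL2BAN | set local config
  # jail.local overrides the packaged jail.conf. Pin ownership and mode so a
  # template change cannot silently leave the file with a looser permission
  # than the packaged config; the result is registered so the restart below
  # only fires when the rendered content actually changed.
  ansible.builtin.template:
    src: templates/jail.local.j2
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: '0644'
  register: fail2ban_jail_local

- name: FAIL2BAN | restart service
  # Restart only on a real config change. An unconditional `restarted` reports
  # "changed" and interrupts the daemon on every run, even when nothing moved.
  when: fail2ban_jail_local is changed
  ansible.builtin.service:
    name: fail2ban
    state: restarted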