Allow known IP in UFW

79888a13 · freezed · 71e44e39 · 79888a13
Commit 79888a13 authored 2 years ago by freezed
--- a/tasks/system_cfg/firewall.yml
+++ b/tasks/system_cfg/firewall.yml
@@ -23,6 +23,26 @@
    direction: outgoing
    policy: allow

+- name: UFW | allow local IPs on port 22 IN
+  when: inventory_hostname in groups.station
+  loop: "{{ groups['station'] }}"
+  community.general.ufw:
+    direction: in
+    port: '22'
+    proto: tcp
+    rule: allow
+    src: "{{hostvars[item]['ansible_host']}}"
+
+- name: "UFW | allow {{gateway}} IP on port 22 IN"
+  when: (inventory_hostname in groups.production) or
+        (inventory_hostname in groups.devel)
+  community.general.ufw:
+    direction: in
+    port: '22'
+    proto: tcp
+    rule: allow
+    src: "{{gateway}}"
+
 - name: UFW | limit tcp port 22 IN
  community.general.ufw:
    direction: in