diff --git a/tasks/system_cfg/firewall.yml b/tasks/system_cfg/firewall.yml
index ea26c82c7d96bbd74396eb3e1734c6d98f892c8a..d09e48a0c1c73e335543590147b1487a5323a8c9 100644
--- a/tasks/system_cfg/firewall.yml
+++ b/tasks/system_cfg/firewall.yml
@@ -23,6 +23,26 @@
     direction: outgoing
     policy: allow
 
+- name: UFW | allow local IPs on port 22 IN
+  when: inventory_hostname in groups.station
+  loop: "{{ groups['station'] }}"
+  community.general.ufw:
+    direction: in
+    port: '22'
+    proto: tcp
+    rule: allow
+    src: "{{hostvars[item]['ansible_host']}}"
+
+- name: "UFW | allow {{gateway}} IP on port 22 IN"
+  when: (inventory_hostname in groups.production) or
+        (inventory_hostname in groups.devel)
+  community.general.ufw:
+    direction: in
+    port: '22'
+    proto: tcp
+    rule: allow
+    src: "{{gateway}}"
+
 - name: UFW | limit tcp port 22 IN
   community.general.ufw:
     direction: in
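Review bot: On a host that already carries the `UFW | limit tcp port 22 IN` rule from an earlier run, the two new allow tasks will not end up ahead of it: `community.general.ufw` appends by default, so the existing limit rule keeps matching first and the station and gateway sources stay rate-limited instead of exempted, which is the opposite of what the play order suggests. Setting `insert: 1` (optionally with `insert_relative_to`) on both new tasks puts them in front of the limit rule; I have not confirmed how ufw treats `insert: 1` on a host with no rules yet, so that case is worth a test run, and a `comment:` on each rule would make the resulting ordering auditable with `ufw status numbered`. `src: "{{hostvars[item]['ansible_host']}}"` in the first task fails for any station entry that has no `ansible_host`, and if that variable holds a hostname rather than an address ufw will presumably reject it as a bad source, so an explicit address variable or a `when: hostvars[item]['ansible_host'] is defined` guard would make the failure mode explicit. The templated task name `"UFW | allow {{gateway}} IP on port 22 IN"` trips ansible-lint `name[template]`; `- name: UFW | allow gateway IP on port 22 IN` keeps the name static while `src: "{{ gateway }}"` still carries the value.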