From 79888a13a9f97737d15823f8cfab9cc109f9fc9f Mon Sep 17 00:00:00 2001
From: freezed <git-expect-noreply@freezed.me>
Date: Sun, 4 Dec 2022 01:10:08 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Allow=20known=20IP=20in=20UFW?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 tasks/system_cfg/firewall.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/tasks/system_cfg/firewall.yml b/tasks/system_cfg/firewall.yml
index ea26c82..d09e48a 100644
--- a/tasks/system_cfg/firewall.yml
+++ b/tasks/system_cfg/firewall.yml
@@ -23,6 +23,26 @@
 direction: outgoing
 policy: allow
 
+- name: UFW | allow local IPs on port 22 IN
+ when: inventory_hostname in groups.station
+ loop: "{{ groups['station'] }}"
+ community.general.ufw:
+ direction: in
+ port: '22'
+ proto: tcp
+ rule: allow
+ src: "{{hostvars[item]['ansible_host']}}"
+
+- name: "UFW | allow {{gateway}} IP on port 22 IN"
+ when: (inventory_hostname in groups.production) or
+ (inventory_hostname in groups.devel)
+ community.general.ufw:
+ direction: in
+ port: '22'
+ proto: tcp
+ rule: allow
+ src: "{{gateway}}"
+
 - name: UFW | limit tcp port 22 IN
 community.general.ufw:
 direction: in
-- 
GitLab
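Review bot: The two new `allow` rules only sit ahead of the existing `UFW | limit tcp port 22 IN` rule on a host that has never been configured; ufw evaluates rules in order and appends new ones, so on a host where the limit rule is already present the known addresses would presumably still be rate-limited. Pinning the position on both tasks would make the ordering deterministic, for example `insert: 0` together with `insert_relative_to: first-ipv4`. The limit task (its body continues past this hunk) still appears to accept port 22 from any source, so these rules exempt the listed addresses from rate limiting rather than restrict SSH to them, which is worth stating in a comment above the first task. `src` is also fed from `hostvars[item]['ansible_host']` and `gateway` with no check, and neither is defined in this hunk; an unset or hostname-valued `ansible_host` would fail the task or hand ufw something other than an address, so an `ansible.builtin.assert` on both values ahead of the rules would be a useful guard.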