From 79888a13a9f97737d15823f8cfab9cc109f9fc9f Mon Sep 17 00:00:00 2001
From: freezed <git-expect-noreply@freezed.me>
Date: Sun, 4 Dec 2022 01:10:08 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Allow=20known=20IP=20in=20UFW?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 tasks/system_cfg/firewall.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/tasks/system_cfg/firewall.yml b/tasks/system_cfg/firewall.yml
index ea26c82..d09e48a 100644
--- a/tasks/system_cfg/firewall.yml
+++ b/tasks/system_cfg/firewall.yml
@@ -23,6 +23,26 @@
     direction: outgoing
     policy: allow
 
+- name: UFW | allow local IPs on port 22 IN
+  when: inventory_hostname in groups.station
+  loop: "{{ groups['station'] }}"
+  community.general.ufw:
+    direction: in
+    port: '22'
+    proto: tcp
+    rule: allow
+    src: "{{hostvars[item]['ansible_host']}}"
+
+- name: "UFW | allow {{gateway}} IP on port 22 IN"
+  when: (inventory_hostname in groups.production) or
+        (inventory_hostname in groups.devel)
+  community.general.ufw:
+    direction: in
+    port: '22'
+    proto: tcp
+    rule: allow
+    src: "{{gateway}}"
+
 - name: UFW | limit tcp port 22 IN
   community.general.ufw:
     direction: in
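Review bot: The `src` lookup in the first new task, `hostvars[item]['ansible_host']`, is unguarded, so the loop fails for any host in `station` that is reachable by its inventory name alone and has no `ansible_host` set; the same applies to the second task if `gateway` is undefined on a production or devel host. One option that keeps the intended address is `src: "{{ hostvars[item]['ansible_host'] | default(item) }}"`, since the inventory name is what Ansible connects to when `ansible_host` is absent — worth confirming against how the station hosts are inventoried. It would also help to state the ordering dependency above the first task, e.g. `# Appended before the "limit tcp port 22" rule below so these known sources are matched by the allow rule first`, because the two allow rules only bypass the rate limit while that order holds. Minor style: the file otherwise writes Jinja with spaces (`{{ groups['station'] }}`), so `{{hostvars[item]['ansible_host']}}` and `{{gateway}}` should follow suit. The task that owns the `outgoing` context lines starts before the hunk, and the `limit tcp port 22` task continues after it.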
-- 
GitLab