{"id":6000,"date":"2025-07-18T12:52:29","date_gmt":"2025-07-18T17:52:29","guid":{"rendered":"https:\/\/www.incredigeek.com\/home\/?p=6000"},"modified":"2025-07-18T14:25:42","modified_gmt":"2025-07-18T19:25:42","slug":"ansible-playbook-for-setting-ubuntu-ufw-firewall","status":"publish","type":"post","link":"https:\/\/www.incredigeek.com\/home\/ansible-playbook-for-setting-ubuntu-ufw-firewall\/","title":{"rendered":"Ansible Playbook for Ubuntu UFW Firewall Rules"},"content":{"rendered":"\n<p>Here is a simple Ansible UFW firewall playbook.<\/p>\n\n\n\n<p>You will need to install the Ansible collection <code>community.general<\/code> if it is not already installed.<\/p>\n\n\n\n<pre class=\"wp-block-code has-dark-gray-background-color has-background\"><code class=\"\">ansible-galaxy collection install community.general<\/code><\/pre>\n\n\n\n<p>Next, create the playbook. Modify the ports to your liking. Also remember that you can put these variables in the Ansible inventory file so each host can have different settings.
<\/p>\n\n\n\n<pre class=\"wp-block-code has-dark-gray-background-color has-background\"><code class=\"\">---\n- hosts: ubuntu\n  become: true\n  vars:\n    ssh_port: 22\n    http_port: 80\n    https_port: 443\n\n  tasks:\n  - name: Ensure UFW is installed\n    apt:\n      name: ufw\n      state: present\n      update_cache: yes\n\n  - name: Restrict SSH access to local IP addresses (RFC 1918)\n    block:\n      - name: Allow SSH from 10.0.0.0\/8\n        community.general.ufw:\n          rule: allow\n          from_ip: 10.0.0.0\/8\n          port: \"{{ ssh_port }}\"\n          proto: tcp\n      - name: Allow SSH from 172.16.0.0\/12\n        community.general.ufw:\n          rule: allow\n          from_ip: 172.16.0.0\/12\n          port: \"{{ ssh_port }}\"\n          proto: tcp\n      - name: Allow SSH from 192.168.0.0\/16\n        community.general.ufw:\n          rule: allow\n          from_ip: 192.168.0.0\/16\n          port: \"{{ ssh_port }}\"\n          proto: tcp\n\n  - name: Allow HTTPS access from the world\n    community.general.ufw:\n      rule: allow\n      port: \"{{ https_port }}\"\n      proto: tcp\n\n  - name: Allow HTTP access from the world\n    community.general.ufw:\n      rule: allow\n      port: \"{{ http_port }}\"\n      proto: tcp\n\n  - name: Enable UFW and set default policy to deny incoming\n    community.general.ufw:\n      state: enabled\n      policy: deny\n<\/code><\/pre>\n\n\n\n<p>Save the playbook as <code>ubuntu_firewall.yaml<\/code>.<\/p>\n\n\n\n<p>Run the playbook with:<\/p>\n\n\n\n<pre class=\"wp-block-code has-dark-gray-background-color has-background\"><code class=\"\">ansible-playbook ubuntu_firewall.yaml -i inventory\/hosts<\/code><\/pre>\n\n\n\n<p>Here is a more advanced playbook that will loop through multiple IP addresses and ports.<\/p>\n\n\n\n<pre class=\"wp-block-code has-dark-gray-background-color has-background\"><code class=\"\">---\n- hosts: ubuntu\n  become: true\n  vars:\n    
local_ports:\n      - { port: '22', proto: 'tcp' }  # SSH\n      - { port: '161', proto: 'udp' } # SNMP\n    public_ports:\n      - { port: '80', proto: 'tcp' }  # HTTP\n      - { port: '443', proto: 'tcp' } # HTTPS\n    local_ips:\n      - 10.0.0.0\/8\n      - 172.16.0.0\/12\n      - 192.168.0.0\/16\n\n  tasks:\n    - name: Ensure UFW is installed\n      apt:\n        name: ufw\n        state: present\n        update_cache: yes\n\n    - name: Allow public_ports\n      community.general.ufw:\n        rule: allow\n        port: \"{{ item.port }}\"\n        proto: \"{{ item.proto }}\"\n      loop: \"{{ public_ports }}\"\n\n    - name: Allow access to local_ports from RFC 1918 local addresses\n      block:\n        - name: Allow local_ports from RFC 1918 local IPs\n          community.general.ufw:\n            rule: allow\n            from_ip: \"{{ item.0 }}\"\n            port: \"{{ item.1.port }}\"\n            proto: \"{{ item.1.proto }}\"\n          # product() yields every (ip, port) pair, so item.0 is the IP and item.1 the port dict\n          loop: \"{{ local_ips | product(local_ports) | list }}\"\n\n    - name: Enable UFW and set default policy to deny incoming\n      community.general.ufw:\n        state: enabled\n        policy: deny<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Here is a simple Ansible UFW firewall playbook. You will need to install the Ansible collection community.general if it is not already installed. Next, create the playbook. Modify the ports to your liking. 
Also remember you can put these variables &hellip; <a href=\"https:\/\/www.incredigeek.com\/home\/ansible-playbook-for-setting-ubuntu-ufw-firewall\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1646,1647,3,1661,28],"tags":[1193,51,160,1200,49,416],"class_list":["post-6000","post","type-post","status-publish","format-standard","hentry","category-ansible","category-automation","category-linux","category-playbooks","category-ubuntu","tag-ansible","tag-debian","tag-firewall","tag-playbook","tag-ubuntu-2","tag-ufw"],"_links":{"self":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/6000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/comments?post=6000"}],"version-history":[{"count":11,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/6000\/revisions"}],"predecessor-version":[{"id":6011,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/posts\/6000\/revisions\/6011"}],"wp:attachment":[{"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/media?parent=6000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/categories?post=6000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.incredigeek.com\/home\/wp-json\/wp\/v2\/tags?post=6000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}