2016-10-13 06:19:27 +00:00
|
|
|
- name: Setup Firewall
|
|
|
|
|
user: root
|
|
|
|
|
hosts: localhost
|
|
|
|
|
|
|
|
|
|
tasks:
|
|
|
|
|
# For CentOS
|
2017-09-08 15:10:16 +00:00
|
|
|
- name: Enable SELinux
|
|
|
|
|
selinux: policy=targeted state=permissive
|
2017-10-10 08:33:30 +00:00
|
|
|
when: ansible_distribution == 'CentOS'
|
2017-09-08 15:10:16 +00:00
|
|
|
|
2016-10-13 06:19:27 +00:00
|
|
|
- name: Install firewalld
|
|
|
|
|
yum: name=firewalld state=present
|
|
|
|
|
when: ansible_distribution == 'CentOS'
|
|
|
|
|
|
|
|
|
|
- name: Enable Firewall
|
|
|
|
|
service: name=firewalld state=started enabled=yes
|
|
|
|
|
when: ansible_distribution == 'CentOS'
|
|
|
|
|
|
|
|
|
|
- name: Add firewall rules
|
|
|
|
|
firewalld: port={{ item }}/tcp permanent=true state=enabled
|
|
|
|
|
with_items:
|
|
|
|
|
- 80
|
|
|
|
|
- 443
|
2017-09-18 07:07:55 +00:00
|
|
|
- "{{ ssh_port }}"
|
2016-10-13 06:19:27 +00:00
|
|
|
when: ansible_distribution == 'CentOS'
|
|
|
|
|
|
|
|
|
|
- name: Restart Firewall
|
|
|
|
|
service: name=firewalld state=restarted enabled=yes
|
|
|
|
|
when: ansible_distribution == 'CentOS'
|
|
|
|
|
|
|
|
|
|
# For Ubuntu / Debian
|
|
|
|
|
- name: Install ufw
|
2017-10-10 08:33:30 +00:00
|
|
|
apt: name={{ item }} state=present force=yes
|
|
|
|
|
with_items:
|
|
|
|
|
- python-selinux
|
|
|
|
|
- ufw
|
2016-10-13 06:19:27 +00:00
|
|
|
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
|
|
|
|
|
|
|
|
|
- name: Enable Firewall
|
|
|
|
|
ufw: state=enabled policy=deny
|
|
|
|
|
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
|
|
|
|
|
|
|
|
|
- name: Add firewall rules
|
|
|
|
|
ufw: rule=allow proto=tcp port={{ item }}
|
|
|
|
|
with_items:
|
|
|
|
|
- 80
|
|
|
|
|
- 443
|
2017-09-18 07:07:55 +00:00
|
|
|
- "{{ ssh_port }}"
|
2016-10-13 06:19:27 +00:00
|
|
|
when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian'
|
|
|
|
|
|
