---
# Install the ufw package through apt so that the ufw commands run by the
# later tasks in this file are available on the host.
- name: Пакет ufw
  ansible.builtin.apt:
    # "present" installs the package only when it is missing.
    state: present
    name: ufw
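# Add allow rules for the inbound TCP ports that must stay reachable.
# In this file the task runs before the default-deny policy and before ufw
# is enabled, so the SSH rule (22/tcp) should exist when filtering starts.
# NOTE(review): each rule accepts the port from any source address; consider
# `ufw limit 22/tcp` or a source-restricted rule for SSH if that is too broad.
- name: Разрешить входящие порты
  ansible.builtin.command: ufw allow {{ item }}/tcp
  loop:
    # Quoted so the ports stay strings when templated into the command line.
    - "22"
    - "80"
    - "443"
  register: ufw_allow
  # Report a change only when ufw's output mentions an added or updated rule.
  changed_when: "'added' in ufw_allow.stdout | default('') | lower or 'updated' in ufw_allow.stdout | default('') | lower"
  # No failed_when override: a non-zero exit from ufw fails the play, so a
  # rule that could not be added is never followed by the deny policy and the
  # enable step on a host that would then lose SSH access.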
# Set ufw's default policy for inbound traffic to deny, so that inbound
# connections without a matching allow rule are blocked once ufw is active.
- name: Политика по умолчанию — запрет входящих
  ansible.builtin.command:
    cmd: ufw default deny incoming
  # The task never reports "changed", whatever the previous policy was; a
  # failing command still fails the play because failed_when is not set.
  changed_when: false
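# Turn the firewall on; --force skips ufw's interactive confirmation prompt,
# which a non-interactive Ansible run could not answer.
- name: Включить ufw
  ansible.builtin.command: ufw --force enable
  register: ufw_en
  # NOTE(review): any successful run (rc == 0) counts as a change, so this
  # task reports "changed" even when ufw was already active.
  changed_when: "'Firewall is active' in ufw_en.stdout | default('') or ufw_en.rc == 0"
  # No failed_when override: if ufw cannot be enabled the play fails instead
  # of reporting success for a host that is left without a firewall.
  # If some targets genuinely cannot run ufw (assumption, e.g. containers),
  # skip the task with a `when:` condition rather than masking every failure.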