firewall.yml 754 Bytes
Newer Older
Alexander Withers's avatar
Alexander Withers committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
---
- file: path=/var/log/ufw.log owner=syslog group=adm mode=640 state=touch
  tags: ufw
  when: (ansible_distribution == "Ubuntu")

- ufw: rule=allow port="{{ item }}" state=enabled
  with_items:
    - "{{ ssh_traffic_port }}"
    - "{{ sshd_alt_port }}"
    - 22
  tags: ufw
  when: (ansible_distribution == "Ubuntu")

- firewalld: port=22/tcp permanent=true state=enabled immediate=yes
  when: (ansible_distribution == "CentOS")

- firewalld: port="{{ sshd_alt_port }}/tcp" permanent=true state=enabled immediate=yes
  when: (ansible_distribution == "CentOS")

20
- command: /usr/bin/firewall-cmd --reload
awithers's avatar
awithers committed
21
22
23
24
  when: (ansible_distribution == "CentOS")

- command: /usr/sbin/semanage port -a -t ssh_port_t -p tcp "{{ sshd_alt_port }}"
  ignore_errors: True