
pyykkis/ansible-ufw-example


Ansible ufw example

Setup

git clone git@github.com:pyykkis/ansible-ufw-example
cd ansible-ufw-example
vagrant up

Discussion

In this example, Ansible and Vagrant are used to provision a precise64 box. Ansible sets up the following services:

  • ufw
    • reject as a default policy
    • allow/22 for OpenSSH
  • nginx
    • ports 80 and 443 are rejected by ufw as no allow rule is specified for them

Firewall settings can be explored from the host machine using nmap, or simply with curl 192.168.0.2.

More information about UFW in general and the Ansible ufw module in particular can be found in the Ubuntu UncomplicatedFirewall documentation and the Ansible UFW module documentation.

Using reject as a default policy is recommended by multiple sources, as drop doesn't really help with security, and is a major PITA when debugging distributed systems [1], [2].
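
The difference between reject and drop is visible from the host in how a connection attempt ends. The script below is an added example, not part of this repository: it probes the ports named above and reports whether each was accepted, actively refused, or silently timed out. The address comes from the curl command above; the function names, the timeout and the expectation table are assumptions made for the example.

```python
import socket

# Assumption: address taken from the README's curl example.
BOX = "192.168.0.2"
# Expected per the README: SSH allowed, nginx ports hit the default reject policy.
EXPECTED = {22: "open", 80: "rejected", 443: "rejected"}


def probe(host, port, timeout=2.0):
    """Classify one TCP port by how a connection attempt ends."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # An active refusal came back immediately (for example a TCP RST).
        # This looks the same as a closed port, so it is only attributable
        # to ufw where a service is known to listen (nginx on port 80).
        return "rejected"
    except socket.timeout:
        # Silence until the timer expired: what a drop policy looks like,
        # and why drop slows down debugging.
        return "dropped"
    except OSError:
        # No route, host unreachable, or another network-level error.
        return "unreachable"
    finally:
        sock.close()


def audit(host, expected, timeout=2.0):
    """Return {port: (verdict, matches_expectation)} for every expected port."""
    results = {}
    for port, want in sorted(expected.items()):
        verdict = probe(host, port, timeout)
        results[port] = (verdict, verdict == want)
    return results


if __name__ == "__main__":
    for port, (verdict, ok) in audit(BOX, EXPECTED).items():
        print(f"{port:>5}/tcp {verdict:<11} {'ok' if ok else 'UNEXPECTED'}")
```

With the reject policy the refused ports return at once; with a drop policy each of them would instead take the full timeout before reporting "dropped".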

References:

[1]: Why Firewall Reject Rules Are Better Than Firewall Drop Rules
[2]: Drop versus Reject
