feat: use union to unify the firewall creation rule

This commit is contained in:
Simon Cornet 2025-07-22 11:40:42 +02:00
commit 3cc6801c80


@ -9,8 +9,7 @@
- name: "set vars" - name: "set vars"
ansible.builtin.set_fact: ansible.builtin.set_fact:
__firewall_enable: "{{ firewall_enable }}" __firewall_enable: "{{ firewall_enable }}"
__firewall_basic_rules: "{{ firewall_basic_rules }}" __firewall_all_rules: "{{ firewall_basic_rules | union(firewall_host_rules)}}"
__firewall_host_rules: "{{ firewall_host_rules }}"
# manage firewall for debian # manage firewall for debian
- name: "firewall - debian family" - name: "firewall - debian family"
@ -54,26 +53,14 @@
policy: "deny" policy: "deny"
logging: "on" logging: "on"
# basic firewall rules # firewall rules
- name: "firewall - add basic rules" - name: "firewall - add rules"
community.general.ufw: community.general.ufw:
rule: "allow" rule: "allow"
direction: "in" direction: "in"
proto: "{{ item.proto | default('tcp') }}" proto: "{{ item.proto | default('tcp') }}"
from_ip: "{{ item.from_ip }}" from_ip: "{{ item.from_ip }}"
to_port: "{{ item.to_port }}" to_port: "{{ item.to_port }}"
loop: "{{ __firewall_basic_rules }}" loop: "{{ __firewall_all_rules }}"
loop_control:
label: " {{ item.name }}"
# host firewall rules
- name: "firewall - add host rules"
community.general.ufw:
rule: "allow"
direction: "in"
proto: "{{ item.proto | default('tcp') }}"
from_ip: "{{ item.from_ip }}"
to_port: "{{ item.to_port }}"
loop: "{{ __firewall_host_rules }}"
loop_control: loop_control:
label: " {{ item.name }}" label: " {{ item.name }}"
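Review bot: The new `__firewall_all_rules` fact in the `set vars` hunk assumes `firewall_host_rules` is always a list: `union` raises a filter error when the variable is undefined or set to null, which a host that defines no host-specific rules may well do, so unless the role's defaults guarantee a list, `__firewall_all_rules: "{{ firewall_basic_rules | union(firewall_host_rules | default([], true)) }}"` is the safer form. Note also that `union` de-duplicates entries that appear identically in both lists, so a rule listed in both is applied once; that is harmless for ufw but worth stating above the fact, e.g. `# union keeps basic rules first and drops rules duplicated in both lists`. The closing `}}` on that line lacks the space before it that every other expression in the file has.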