don't log igmp; drop multicast silently

master
Glenn K. Lockwood 6 years ago
parent 6d7c298731
commit b7f53d8555
  1. 6
      README.md
  2. 27
      roles/common/tasks/main.yml

@ -10,9 +10,11 @@ is running on the same Raspberry Pi to be configured.
## Bootstrapping on Raspbian
You will need ansible installed on the Raspberry Pi being configured.
You will need ansible installed on the Raspberry Pi being configured. This
playbook relies on Ansible 2.8 or newer, which means you can no longer use
`sudo apt-get install ansible`. Instead, you must
$ sudo apt-get install ansible
$ sudo pip install ansible
## Configuration

@ -92,18 +92,43 @@
port: ssh
proto: tcp
log: yes
tags:
- ufw
- name: allow mDNS through UFW
ufw:
rule: allow
to_ip: 224.0.0.251
proto: igmp
log: no
tags:
- ufw
- name: drop multicast without logging
ufw:
rule: deny
to_ip: 224.0.0.1
log: no
tags:
- ufw
- name: set default incoming UFW policy to deny
ufw:
direction: incoming
policy: deny
tags:
- ufw
- name: set default outgoing UFW policy to deny
- name: set default outgoing UFW policy to allow
ufw:
direction: outgoing
policy: allow
tags:
- ufw
- name: enable UFW
ufw:
state: enabled
logging: yes
tags:
- ufw

Loading…
Cancel
Save