add firewall configuration

6 years ago · bd52fd5733
parent d62408a9aa
commit bd52fd5733
2 changed files with 24 additions and 0 deletions
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -79,3 +79,26 @@
 - include: software.yml
 - include: users.yml
 - include: raspi-config.yml
+
+# Configure firewall
+- name: allow SSH through UFW
+  ufw:
+    rule: allow
+    port: ssh
+    proto: tcp
+    log: yes
+
+- name: set default incoming UFW policy to deny
+  ufw:
+    direction: incoming
+    policy: deny
+
+- name: set default outgoing UFW policy to deny
+  ufw:
+    direction: outgoing
+    policy: allow
+
+- name: enable UFW
+  ufw:
+    state: enabled
+    logging: yes
--- a/roles/common/tasks/software.yml
+++ b/roles/common/tasks/software.yml
@ -31,5 +31,6 @@
      - vim
      - git
      - python-pip
+      - ufw
  tags:
    - sw