legacy-server-config/ufw/playbook-ufw.yml

---
- name: Configure UFW
  hosts: teier.eu
  gather_facts: no
  
  tasks:
  - name: Install ufw
    apt: name=ufw state=latest

  - name: Set logging
    community.general.ufw:
      logging: 'on'

  - name: Allow SSH connections
    community.general.ufw:
      rule: allow
      port: '4711'
      proto: tcp
    
  - name: Allow web server access
    community.general.ufw:
      rule: allow
      port: '443'
      proto: tcp
  
  - name: Allow web server access
    community.general.ufw:
      rule: allow
      port: '80'
      proto: tcp

  - name: Allow Minecraft
    community.general.ufw:
      rule: allow
      port: '25565'
      proto: tcp
    
  - name: Allow Starbound
    community.general.ufw:
      rule: allow
      port: '21025'
      proto: tcp

  - name: Allow Matrix federation
    community.general.ufw:
      rule: allow
      port: '8448'
      proto: tcp

  - name: Allow SMTP
    community.general.ufw:
      rule: allow
      port: '587'
      proto: tcp

  - name: Allow Mail
    community.general.ufw:
      rule: allow
      port: '25'
      proto: tcp

  - name: Allow Mail
    community.general.ufw:
      rule: allow
      port: '143'
      proto: tcp

  - name: Allow Mail
    community.general.ufw:
      rule: allow
      port: '587'
      proto: tcp

  - name: Allow Mail
    community.general.ufw:
      rule: allow
      port: '993'
      proto: tcp

  - name: Allow Taript
    community.general.ufw:
      rule: allow
      port: '22'
      proto: tcp

  - name: Allow Retrocraft
    community.general.ufw:
      rule: allow
      port: '25566'
      proto: tcp

  - name: Allow Garry's Mod
    community.general.ufw:
      rule: allow
      port: '17015'
      proto: udp

  - name: Allow Garry's Mod
    community.general.ufw:
      rule: allow
      port: '27015'
      proto: udp

  - name: Allow Garry's Mod
    community.general.ufw:
      rule: allow
      port: '27015'
      proto: tcp

  - name: Allow all access from RFC1918 networks to this host
    community.general.ufw:
      rule: allow
      src: '{{ item }}'
    loop:
      - 10.0.0.0/8
      - 172.16.0.0/12
      - 192.168.0.0/16

  - name: Deny everything else and enable UFW
    community.general.ufw:
      state: enabled
      policy: deny
Init 2021-01-01 15:09:53 +00:00			`---`
			`- name: Configure UFW`
			`hosts: teier.eu`
Add E-Mail Server 2021-04-02 11:09:32 +00:00			`gather_facts: no`
Init 2021-01-01 15:09:53 +00:00
			`tasks:`
			`- name: Install ufw`
			`apt: name=ufw state=latest`

			`- name: Set logging`
			`community.general.ufw:`
			`logging: 'on'`

			`- name: Allow SSH connections`
			`community.general.ufw:`
			`rule: allow`
			`port: '4711'`
			`proto: tcp`

			`- name: Allow web server access`
			`community.general.ufw:`
			`rule: allow`
			`port: '443'`
			`proto: tcp`

			`- name: Allow web server access`
			`community.general.ufw:`
			`rule: allow`
			`port: '80'`
			`proto: tcp`

			`- name: Allow Minecraft`
			`community.general.ufw:`
			`rule: allow`
			`port: '25565'`
			`proto: tcp`

			`- name: Allow Starbound`
			`community.general.ufw:`
			`rule: allow`
			`port: '21025'`
			`proto: tcp`
Add configuration for Matrix/Synapse 2021-01-10 16:40:52 +00:00
			`- name: Allow Matrix federation`
			`community.general.ufw:`
			`rule: allow`
			`port: '8448'`
			`proto: tcp`
Add mautrix-telegram for bridging 2021-01-12 21:11:45 +00:00
Add E-Mail Server 2021-04-02 11:09:32 +00:00			`- name: Allow SMTP`
Add mautrix-telegram for bridging 2021-01-12 21:11:45 +00:00			`community.general.ufw:`
			`rule: allow`
			`port: '587'`
			`proto: tcp`
Add E-Mail Server 2021-04-02 11:09:32 +00:00
			`- name: Allow Mail`
			`community.general.ufw:`
			`rule: allow`
			`port: '25'`
			`proto: tcp`

			`- name: Allow Mail`
			`community.general.ufw:`
			`rule: allow`
			`port: '143'`
			`proto: tcp`

			`- name: Allow Mail`
			`community.general.ufw:`
			`rule: allow`
			`port: '587'`
			`proto: tcp`

			`- name: Allow Mail`
			`community.general.ufw:`
			`rule: allow`
			`port: '993'`
			`proto: tcp`

			`- name: Allow Taript`
			`community.general.ufw:`
			`rule: allow`
			`port: '22'`
			`proto: tcp`

			`- name: Allow Retrocraft`
			`community.general.ufw:`
			`rule: allow`
			`port: '25566'`
			`proto: tcp`

			`- name: Allow Garry's Mod`
			`community.general.ufw:`
			`rule: allow`
			`port: '17015'`
			`proto: udp`

			`- name: Allow Garry's Mod`
			`community.general.ufw:`
			`rule: allow`
			`port: '27015'`
			`proto: udp`

			`- name: Allow Garry's Mod`
			`community.general.ufw:`
			`rule: allow`
			`port: '27015'`
			`proto: tcp`

Init 2021-01-01 15:09:53 +00:00			`- name: Allow all access from RFC1918 networks to this host`
			`community.general.ufw:`
			`rule: allow`
			`src: '{{ item }}'`
			`loop:`
			`- 10.0.0.0/8`
			`- 172.16.0.0/12`
			`- 192.168.0.0/16`

			`- name: Deny everything else and enable UFW`
			`community.general.ufw:`
			`state: enabled`
			`policy: deny`