Adds geerlingguy.firewall

2020-03-31 00:36:13 +02:00 · 2020-03-31 00:36:13 +02:00 · a271daf122
commit a271daf122
parent 20ee4d9d16
4 changed files with 28 additions and 1 deletions
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@ -7,4 +7,15 @@ docker_package: "docker-{{ docker_edition }}"
 docker_package_state: present
 docker_compose_version: "1.25.0"
 docker_users:
-  - deploy
+  - deploy
+firewall_disable_ufw: true
+firewall_flush_rules_and_chains: true
+firewall_allowed_tcp_ports:
+  - "22"
+  - "80"
+  - "443"
+#firewall_allowed_udp_ports:
+#  # Jitsi
+#  - "10000"
+firewall_additional_rules:
+  - "iptables -P INPUT DROP"
--- a/group_vars/vagrant.yml
+++ b/group_vars/vagrant.yml
@ -1,4 +1,13 @@
 ansible_user: vagrant
+firewall_disable_ufw: true
+firewall_flush_rules_and_chains: true
+firewall_allowed_tcp_ports:
+ - "22"
+ - "80"
+ - "443"
+firewall_allowed_udp_ports:
+  # Jitsi
+  - "10000"
 users:
  - deploy
 sudoers: []