Now there is a ufw module. http://docs.ansible.com/ufw_module.html
On Monday, November 25, 2013 9:02:43 AM UTC-6, James Martin wrote:
>
> I have been using a home-grown ufw module for a while. Just today I decided to submit a pull request to get it pulled in to ansible:
>
> https://github.com/ansible/ansible/pull/5048
>
> Please test, comment, add feature requests, etc.
>
> - James
>
> On Fri, Nov 22, 2013 at 9:32 PM, David Reagan <[email protected]> wrote:
> > I actually found Ferm via the Sovereign set of playbooks a while back. I just couldn't quite make the pieces fit together well enough to write a role for it, and the one from Sovereign didn't work for me when I looked at it.
> >
> > Fortunately, I found that I can template /lib/ufw/user.rules and make ufw work for me a few days ago.
> >
> > Templating rules that look like:
> >
> > ### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
> > -A ufw-user-input -p tcp --dport 22 -j ACCEPT
> > -A ufw-user-input -p udp --dport 22 -j ACCEPT
> >
> > ### tuple ### allow any 443 0.0.0.0/0 any 0.0.0.0/0 in
> > -A ufw-user-input -p tcp --dport 443 -j ACCEPT
> > -A ufw-user-input -p udp --dport 443 -j ACCEPT
> >
> > Is a lot easier than FireHOL, ferm, or Shorewall's methods.
> >
> > 'Course, I think my role is pretty limited in what it can do, but still, at least it makes sense to me. :)
> >
> > My ufw role is still very rough and I've only tested it on a vagrant vm, so I don't really have anything to share. But at least you all know it's possible. :)
> >
> > --David Reagan
> >
> > On Fri, Nov 22, 2013 at 12:04 PM, Gonzalo Sainz Trápaga <[email protected]> wrote:
> >> It seems there is an iptables frontend called "ferm" that does the trick quite nicely based on a single config file and templates. I will give it a shot and document the results afterwards, but using this might solve the issue without custom modules.
> >>
> >> On Wednesday, November 6, 2013 7:51:00 PM UTC-3, [email protected]:
> >>> This is awesome... Thank you!
> >>>
> >>> On Monday, February 11, 2013 3:40:49 AM UTC-5, Ahmad Khayyat wrote:
> >>>> I use shorewall to manage iptables, and rely on its support for a rules.d directory.
> >>>>
> >>>> In /etc/shorewall/rules:
> >>>> SHELL cat /etc/shorewall/rules.d/*.rules
> >>>>
> >>>> Then, each service that needs a port open installs its own rule file, e.g.:
> >>>> /etc/shorewall/rules.d/ssh.rules
> >>>>
> >>>> Shorewall's formats are simple enough to manage with templates.

--
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4c7f1366-e0a9-441d-9798-d8ed8b1415cc%40googlegroups.com.
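As an added example (not code from this thread, from ufw, or from the Ansible ufw module): a small Python renderer for the /lib/ufw/user.rules fragment David describes, the kind of output a Jinja2 template in a role would produce. It is written to show two things a practitioner would want from that approach: the "any" protocol expanding to a tcp and a udp line, exactly as in the quoted rules, and input validation so that a bad port or a source that is not a real CIDR never ends up verbatim in an iptables line. The "### tuple ###" field order (action, proto, dport, dst, sport, src, direction) is assumed from the two rules quoted above, the placement of "-s" in the rendered line is an assumption, and the function and class names are hypothetical.

```python
"""Render ufw-style user rules from a small rule list.

Added example; not from the thread, ufw or Ansible. The "### tuple ###"
field layout (action proto dport dst sport src direction) is assumed from
the two rules quoted in the thread. Names here are hypothetical.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List

# ufw actions mapped to the iptables targets used on the rendered -A lines.
TARGETS = {"allow": "ACCEPT", "deny": "DROP", "reject": "REJECT"}


@dataclass(frozen=True)
class Rule:
    port: int
    proto: str = "any"        # "tcp", "udp" or "any" (renders both)
    action: str = "allow"
    src: str = "0.0.0.0/0"    # source CIDR; narrow this for admin ports
    direction: str = "in"


def validate(rule: Rule) -> None:
    """Raise ValueError for anything that would yield a malformed rule."""
    if not 1 <= rule.port <= 65535:
        raise ValueError(f"port out of range: {rule.port}")
    if rule.proto not in ("tcp", "udp", "any"):
        raise ValueError(f"unsupported proto: {rule.proto}")
    if rule.action not in TARGETS:
        raise ValueError(f"unsupported action: {rule.action}")
    if rule.direction != "in":
        raise ValueError("only inbound rules are rendered here")
    # A source that is not a real network must never reach the iptables line.
    ipaddress.ip_network(rule.src, strict=False)


def is_valid(rule: Rule) -> bool:
    """Boolean wrapper around validate(), handy for tests and callers."""
    try:
        validate(rule)
    except ValueError:
        return False
    return True


def render_rule(rule: Rule) -> List[str]:
    """Return the tuple comment plus one -A line per concrete protocol."""
    validate(rule)
    lines = [f"### tuple ### {rule.action} {rule.proto} {rule.port} "
             f"0.0.0.0/0 any {rule.src} {rule.direction}"]
    protos = ("tcp", "udp") if rule.proto == "any" else (rule.proto,)
    # 0.0.0.0/0 means "any source", so no -s match is emitted for it.
    src = "" if rule.src == "0.0.0.0/0" else f" -s {rule.src}"
    for proto in protos:
        lines.append(f"-A ufw-user-input{src} -p {proto} --dport {rule.port} "
                     f"-j {TARGETS[rule.action]}")
    return lines


def render_user_rules(rules: Iterable[Rule]) -> str:
    """Join rendered rules into the block a template would write out."""
    return "\n\n".join("\n".join(render_rule(r)) for r in rules) + "\n"


if __name__ == "__main__":
    # Constructed sample: SSH limited to an assumed management network,
    # HTTPS open to everyone.
    sample = [Rule(port=22, proto="tcp", src="10.0.0.0/8"), Rule(port=443)]
    print(render_user_rules(sample), end="")
```

Rendering `Rule(port=22)` with the defaults reproduces the first quoted block verbatim, while giving the SSH rule a source CIDR is the one change that makes the templated file stricter than the quoted example.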
