geerlingguy / Ansible Role Firewall

Licence: mit
Ansible Role - iptables Firewall configuration.

Ansible Role: Firewall (iptables)

Installs an iptables-based firewall for Linux. Supports both IPv4 (iptables) and IPv6 (ip6tables).

This firewall aims for simplicity over complexity, and only opens a few specific ports for incoming traffic (configurable through Ansible variables). If you have a rudimentary knowledge of iptables and/or firewalls in general, this role should be a good starting point for a secure system firewall.

After the role is run, a firewall init service will be available on the server. You can use service firewall [start|stop|restart|status] to control the firewall.

Requirements

None.

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

firewall_state: started
firewall_enabled_at_boot: true

Controls the state of the firewall service; whether it should be running (firewall_state) and/or enabled on system boot (firewall_enabled_at_boot).

firewall_flush_rules_and_chains: true

Whether to flush all rules and chains whenever the firewall is restarted. Set this to false if there are other processes managing iptables (e.g. Docker).

firewall_allowed_tcp_ports:
  - "22"
  - "80"
  ...
firewall_allowed_udp_ports: []

A list of TCP or UDP ports (respectively) to open to incoming traffic.

firewall_forwarded_tcp_ports:
  - { src: "22", dest: "2222" }
  - { src: "80", dest: "8080" }
firewall_forwarded_udp_ports: []

Forward src port to dest port, either TCP or UDP (respectively).

firewall_additional_rules: []
firewall_ip6_additional_rules: []

Any additional (custom) rules to be added to the firewall (in the same format you would add them via command line, e.g. iptables [rule]/ip6tables [rule]). A few examples of how this could be used:

# Allow only the IP 167.89.89.18 to access port 4949 (Munin).
firewall_additional_rules:
  - "iptables -A INPUT -p tcp --dport 4949 -s 167.89.89.18 -j ACCEPT"

# Allow only the IP 214.192.48.21 to access port 3306 (MySQL).
firewall_additional_rules:
  - "iptables -A INPUT -p tcp --dport 3306 -s 214.192.48.21 -j ACCEPT"

See Iptables Essentials: Common Firewall Rules and Commands for more examples.

firewall_log_dropped_packets: true

Whether to log dropped packets to syslog (messages will be prefixed with "Dropped by firewall: ").

firewall_disable_firewalld: false
firewall_disable_ufw: false

Set to true to disable firewalld (installed by default on RHEL/CentOS) or ufw (installed by default on Ubuntu), respectively.

firewall_enable_ipv6: true

Set to false to disable configuration of ip6tables (for example, if your GRUB_CMDLINE_LINUX contains ipv6.disable=1).

Dependencies

None.

Example Playbook

- hosts: server
  vars_files:
    - vars/main.yml
  roles:
    - { role: geerlingguy.firewall }

Inside vars/main.yml:

firewall_allowed_tcp_ports:
  - "22"
  - "25"
  - "80"
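An added post-run check (not part of the role) for the vars/main.yml above: it reads the text form of iptables -S INPUT (a constructed sample below; on a real host run the command as root and pass its output in) and reports ports declared in firewall_allowed_tcp_ports/firewall_allowed_udp_ports that are not loaded, and ports open to any source that the vars file does not declare. The exact rule shape and the 8080, 53 and 4949 sample rules are assumptions, not output from the role.

```python
"""Check a geerlingguy.firewall vars file against the INPUT rules actually loaded."""
import re

# Constructed sample of `iptables -S INPUT` output (on a real host, run it as
# root and pass the text in). The allowed-port rules use the common
# `-p tcp -m tcp --dport N -j ACCEPT` shape; the role's template may differ.
SAMPLE_IPTABLES_S = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 167.89.89.18/32 -p tcp -m tcp --dport 4949 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -j LOG --log-prefix "Dropped by firewall: " --log-level 4
-A INPUT -j DROP
"""

# The vars/main.yml from the example playbook, as Python data.
DECLARED = {"tcp": ["22", "25", "80"], "udp": []}

RULE_RE = re.compile(r"^-A INPUT .*-p (tcp|udp) .*--dport (\d+) .*-j ACCEPT$")

def accepted_ports(iptables_s: str) -> dict:
    """Ports opened to any source in INPUT, keyed by protocol. Source-restricted
    rules (the firewall_additional_rules pattern) are deliberately skipped."""
    found = {"tcp": set(), "udp": set()}
    for line in iptables_s.splitlines():
        m = RULE_RE.match(line.strip())
        if m and " -s " not in line:
            found[m.group(1)].add(m.group(2))
    return found

def audit(declared: dict, iptables_s: str) -> dict:
    """Drift in both directions: declared-but-missing and loaded-but-undeclared."""
    live = accepted_ports(iptables_s)
    report = {}
    for proto in ("tcp", "udp"):
        want = set(declared.get(proto, []))
        report[proto] = {
            "missing": sorted(want - live[proto], key=int),
            "unexpected": sorted(live[proto] - want, key=int),
        }
    return report

if __name__ == "__main__":
    for proto, r in audit(DECLARED, SAMPLE_IPTABLES_S).items():
        print(proto, r)
```

On the sample, port 25 is reported missing and 8080/tcp and 53/udp as unexpected; the 4949 rule is ignored because it is restricted to one source address.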

TODO

  • Make outgoing ports more configurable.
  • Make other firewall features (like logging) configurable.

License

MIT / BSD

Author Information

This role was created in 2014 by Jeff Geerling, author of Ansible for DevOps.
