UFW

UFW show rules when inactive

ufw show added

UFW allow APP Profile from IP

Put quotes around app profile names that contain spaces.

ufw allow from 1.2.3.4/24 to any app <profile name>

UFW without Ansible

ufw allow from 1.2.3.4 to any port ssh comment 'Aikes devjump host'

UFW disable logging

ufw logging off

UFW reset rules

ufw reset

UFW disable logging with Ansible

- name: UFW disable logging
  community.general.ufw:
    logging: 'off'  # quoted so YAML passes the string, not boolean false

Other UFW with Ansible

- name: Allow HTTP from everywhere
  community.general.ufw:
    rule: allow
    port: 80

- name: Allow HTTPS from everywhere
  community.general.ufw:
    rule: allow
    port: 443

- name: Allow SSH from selected hosts
  community.general.ufw:
    rule: allow
    port: '22'
    src: '{{ item }}'  # each address from the loop below
  loop:
    - 1.2.3.4/32 # Aikes devjump host

- name: Outgoing allow
  community.general.ufw:
    state: enabled
    direction: outgoing
    policy: allow

- name: Incoming deny
  community.general.ufw:
    state: enabled
    direction: incoming
    policy: deny

- name: UFW disable logging
  community.general.ufw:
    logging: 'off'  # quoted so YAML passes the string, not boolean false
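
Before enabling the firewall, the rules listed by `ufw show added` can be checked to confirm that SSH is only reachable from the intended sources. The script below is an added example, not part of the original page; the function names `audit_ssh_rules` and `sample_rules` are hypothetical, the sample output is constructed, and it assumes `ufw show added` prints one `ufw ...` command per rule.

```shell
#!/bin/sh
# Reads `ufw show added` output on stdin; arguments are the source
# addresses that may reach SSH. Prints every allow/limit rule that opens
# SSH to any other source and returns non-zero if one is found.
# On a host:  ufw show added | audit_ssh_rules 1.2.3.4
audit_ssh_rules() {
    awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Skip the header line and anything that is not an allow/limit rule.
    $1 != "ufw" || ($2 != "allow" && $2 != "limit") { next }
    {
        src = "any"; svc = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "comment") break          # ignore free-text comments
            if ($i == "from") src = $(i + 1)
            if ($i == "port" || $i == "app") svc = $(i + 1)
        }
        if (svc == "") svc = $3                 # simple form: ufw allow 22/tcp
        sub(/\/.*/, "", svc)                    # drop a /tcp or /udp suffix
        sub(/\/32$/, "", src)                   # treat 1.2.3.4/32 as 1.2.3.4
        if (svc != "22" && svc != "ssh" && svc != "OpenSSH") next
        if (!(src in ok)) { print "UNRESTRICTED-SSH: " $0; bad++ }
    }
    END { exit (bad > 0) }'
}

# Constructed sample of `ufw show added` output (not from a real host).
sample_rules() {
    cat <<'EOF'
Added user rules (see 'ufw status' for running firewall):
ufw allow 80
ufw allow 443
ufw allow from 1.2.3.4 to any port 22 comment 'Aikes devjump host'
ufw allow 22/tcp
EOF
}

# Demo run: the last sample rule opens SSH to every source and is reported.
sample_rules | audit_ssh_rules 1.2.3.4 || echo "audit failed: fix rules before 'ufw enable'"
```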