Ansible Pilot

Open firewall ports in Debian-like systems — Ansible module ufw


How to open the firewall HTTP and HTTPS ports in Debian-like systems using Ansible and ufw, the Uncomplicated Firewall. I’m going to show you a live demo and some simple Ansible code. This applies to Debian, Ubuntu, Linux Mint, MX Linux, Deepin, AntiX, PureOS, Kali Linux, Parrot OS, Devuan, Knoppix, and AV Linux.

How to open firewall ports in Debian-like systems with Ansible? I’m going to show you a live demo and some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

Ansible open firewall ports in Debian-like systems

Today we’re talking about the Ansible module UFW. The full name is community.general.ufw, which means that it is part of the collection supported by the Ansible community. This module requires Ansible 2.9+. It works on Debian-like systems, so distributions like Debian, Ubuntu, and Mint that use the ufw firewall, the Uncomplicated Firewall. This module manages the firewall with UFW.

Parameters

The parameter list is pretty wide, but these are the most important options for our use case of opening firewall ports. The first set of parameters controls the UFW program and the second the individual rules.

UFW program parameters

Let’s start with three UFW program parameters. The “default” parameter, also called “policy”, changes the default policy for incoming or outgoing traffic. The “logging” parameter toggles UFW logging. Logged packets use the LOG_KERN syslog facility. The “state” parameter specifies whether to enable or disable the firewall. Four options are possible:

Rule-specific parameters

Now let’s move to four rule-specific parameters. The “rule” parameter adds a firewall rule with four options available: “allow” / “deny” / “limit” / “reject”.

The “name” parameter, also called “app”, uses a profile located in /etc/ufw/applications.d. The “to_port” parameter, also called “port”, specifies the destination port. It can be a single port or a range, for example 60000:61000. The “proto” parameter specifies the destination protocol.

Demo

Let’s jump into a real-life demo of how to open firewall ports in Debian-like systems with an Ansible Playbook.

# apt list nginx
# sudo ufw status
# sudo ufw status verbose
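---
- name: ufw module demo
  hosts: all
  become: true
  tasks:
    # Install the web server that will listen on 80/443
    - name: nginx installed
      ansible.builtin.apt:
        name: "nginx"
        state: "present"
        update_cache: true
    # Enable ufw with a default-deny policy; until the next task adds the
    # port 22 rule, new inbound SSH connections are denied as well
    - name: ufw enabled
      community.general.ufw:
        state: "enabled"
        policy: "deny"
        logging: "on"
    # Open SSH, HTTP and HTTPS over TCP
    - name: ufw rules
      community.general.ufw:
        rule: "allow"
        port: "{{ item }}"
        proto: "tcp"
      with_items:
        - "22"
        - "80"
        - "443"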


Recap

Now you know how to open firewall ports in Debian-like systems with Ansible using UFW, the Uncomplicated Firewall.


September 3, 2021
